alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 3 Actions Activity

Merge pull request 'Automated Manifest Update' (#5509) from auto/update-manifests into manifests

Browse Source 
Reviewed-on: #5509
This commit was merged in pull request #5509.
This commit is contained in:
Alex Lebens
2026-04-05 00:25:25 +00:00
parent 6b23d70fe8 33538d4987
commit c45d9eb5a6
22 changed files with 302 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/cl01tl/manifests/homepage/ConfigMap-homepage.yaml
View File

@@ -773,7 +773,7 @@ data:
siteMonitor: http://yubal.yubal:80
statusStyle: dot
- Music Grabber:
icon: sh-music-service.webp
icon: sh-music-grabber.webp
description: Replicate Music playlists
href: https://music-grabber.alexlebens.net
siteMonitor: http://music-grabber.music-grabber:80

2
clusters/cl01tl/manifests/homepage/Deployment-homepage.yaml
View File

@@ -24,7 +24,7 @@ spec:
template:
metadata:
annotations:
checksum/configMaps: 50f931b34e6426dd49ee991e141af06691c31a739759f30cc262f461e4aa9e15
checksum/configMaps: 25d95f4e20076f5e4f3eecd74cdc275731e8707fae04b371f1886a60b02335f3
checksum/secrets: d3ba83f111cd32f92c909268c55ad8bbd4f9e299b74b35b33c1a011180d8b378
labels:
app.kubernetes.io/controller: main

14
clusters/cl01tl/manifests/music-grabber/Deployment-music-grabber.yaml
View File

@@ -29,6 +29,9 @@ spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
hostIPC: false
hostNetwork: false
hostPID: false
@@ -67,24 +70,23 @@ spec:
name: music-grabber-config-secret
- name: SLSKD_DOWNLOADS_PATH
value: /mnt/store/slskd/Downloads
image: g33kphr33k/musicgrabber:2.5.5
imagePullPolicy: IfNotPresent
image: g33kphr33k/musicgrabber:2.5.5@sha256:756ce91653b2f5f17f8f47e5c91f07df5af82162608acdf507e6209a16725373
name: main
resources:
limits:
cpu: 100m
requests:
cpu: 10m
memory: 512Mi
memory: 50Mi
volumeMounts:
- mountPath: /data
name: cache
name: data
- mountPath: /mnt/store/
name: music
volumes:
- name: cache
- name: data
persistentVolumeClaim:
claimName: music-grabber
claimName: music-grabber-data
- name: music
persistentVolumeClaim:
claimName: music-grabber-nfs-storage

12
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-config-secret.yaml
View File

@@ -14,29 +14,17 @@ spec:
data:
- secretKey: navidrome-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/admin
metadataPolicy: None
property: user
- secretKey: navidrome-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/navidrome/admin
metadataPolicy: None
property: password
- secretKey: slskd-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/auth
metadataPolicy: None
property: user
- secretKey: slskd-password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/slskd/auth
metadataPolicy: None
property: password

58
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-external.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: music-grabber-data-backup-secret-external
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup-secret-external
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/digital-ocean
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_DEFAULT_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /digital-ocean/home-infra/volsync-backups
metadataPolicy: None
property: AWS_SECRET_ACCESS_KEY

58
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-local.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: music-grabber-data-backup-secret-local
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup-secret-local
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-local
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

58
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-data-backup-secret-remote.yaml Normal file
View File

@@ -0,0 +1,58 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: music-grabber-data-backup-secret-remote
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup-secret-remote
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
RESTIC_REPOSITORY: "{{ .BUCKET_ENDPOINT }}/music-grabber/music-grabber-data"
data:
- secretKey: BUCKET_ENDPOINT
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: BUCKET_ENDPOINT
- secretKey: RESTIC_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /volsync/restic/garage-remote
metadataPolicy: None
property: RESTIC_PASSWORD
- secretKey: AWS_DEFAULT_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_REGION
- secretKey: AWS_ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: AWS_SECRET_ACCESS_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/volsync-backups
metadataPolicy: None
property: ACCESS_SECRET_KEY

12
clusters/cl01tl/manifests/music-grabber/ExternalSecret-music-grabber-wireguard-conf.yaml
View File

@@ -14,29 +14,17 @@ spec:
data:
- secretKey: private-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: private-key
- secretKey: preshared-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: preshared-key
- secretKey: addresses
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: addresses
- secretKey: input-ports
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /airvpn/conf/cl01tl
metadataPolicy: None
property: input-ports

2
clusters/cl01tl/manifests/music-grabber/HTTPRoute-music-grabber.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: music-grabber
namespace: music-grabber
port: 80
weight: 100
weight: 1
matches:
- path:
type: PathPrefix

11
clusters/cl01tl/manifests/music-grabber/Namespace-music-grabber.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: music-grabber
labels:
app.kubernetes.io/name: music-grabber
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged

4
clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber.yaml → clusters/cl01tl/manifests/music-grabber/PersistentVolumeClaim-music-grabber-data.yaml
View File

@@ -1,14 +1,12 @@
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: music-grabber
name: music-grabber-data
labels:
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber
helm.sh/chart: music-grabber-4.6.2
annotations:
helm.sh/resource-policy: keep
namespace: music-grabber
spec:
accessModes:

29
clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-external.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: music-grabber-data-backup-source-external
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup
spec:
sourcePVC: music-grabber-data
trigger:
schedule: 46 10 * * *
restic:
pruneIntervalDays: 7
repository: music-grabber-data-backup-secret-external
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi

29
clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-local.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: music-grabber-data-backup-source-local
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup
spec:
sourcePVC: music-grabber-data
trigger:
schedule: 46 8 * * *
restic:
pruneIntervalDays: 7
repository: music-grabber-data-backup-secret-local
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi

29
clusters/cl01tl/manifests/music-grabber/ReplicationSource-music-grabber-data-backup-source-remote.yaml Normal file
View File

@@ -0,0 +1,29 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: music-grabber-data-backup-source-remote
namespace: music-grabber
labels:
helm.sh/chart: volsync-target-data-0.8.0
app.kubernetes.io/instance: music-grabber
app.kubernetes.io/part-of: music-grabber
app.kubernetes.io/version: "0.8.0"
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: music-grabber-data-backup
spec:
sourcePVC: music-grabber-data
trigger:
schedule: 46 9 * * *
restic:
pruneIntervalDays: 7
repository: music-grabber-data-backup-secret-remote
retain:
daily: 7
hourly: 0
monthly: 3
weekly: 4
yearly: 1
copyMethod: Snapshot
storageClassName: ceph-block
volumeSnapshotClassName: ceph-blockpool-snapshot
cacheCapacity: 1Gi

7
clusters/cl01tl/manifests/navidrome/Deployment-navidrome-feishin.yaml
View File

@@ -43,6 +43,9 @@ spec:
value: navidrome
- name: SERVER_URL
value: https://navidrome.alexlebens.net
image: ghcr.io/jeffvli/feishin:1.0.1-beta.1@sha256:61239641f23a33f99c2858419b14afb66683f3cd82010363fba92be3993fd894
imagePullPolicy: IfNotPresent
image: ghcr.io/jeffvli/feishin:1.9.0@sha256:5e6959afd27dabadd8f68fed8b0485d851593c61ca558194295bf8950262cc07
name: main
resources:
requests:
cpu: 1m
memory: 20Mi

8
clusters/cl01tl/manifests/navidrome/Deployment-navidrome-main.yaml
View File

@@ -29,6 +29,9 @@ spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
hostIPC: false
hostNetwork: false
hostPID: false
@@ -49,8 +52,7 @@ spec:
value: "true"
- name: ND_AUTOIMPORTPLAYLISTS
value: "true"
image: deluan/navidrome:0.61.0@sha256:b14a6acb5cd5ee73f3a13d63d8d68ede82dedb796aa522fbada94769d990cf0b
imagePullPolicy: IfNotPresent
image: ghcr.io/navidrome/navidrome:0.61.0@sha256:b14a6acb5cd5ee73f3a13d63d8d68ede82dedb796aa522fbada94769d990cf0b
name: main
resources:
limits:
@@ -58,7 +60,7 @@ spec:
requests:
cpu: 10m
gpu.intel.com/i915: 1
memory: 128Mi
memory: 50Mi
volumeMounts:
- mountPath: /cache
name: cache

2
clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-feishin.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: navidrome-feishin
namespace: navidrome
port: 80
weight: 100
weight: 1
matches:
- path:
type: PathPrefix

2
clusters/cl01tl/manifests/navidrome/HTTPRoute-navidrome-main.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: navidrome-main
namespace: navidrome
port: 80
weight: 100
weight: 1
matches:
- path:
type: PathPrefix

9
clusters/cl01tl/manifests/node-feature-discovery/DaemonSet-node-feature-discovery-worker.yaml
View File

@@ -40,7 +40,7 @@ spec:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3"
image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862"
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -67,11 +67,10 @@ spec:
fieldRef:
fieldPath: metadata.uid
resources:
limits:
memory: 512Mi
limits: {}
requests:
cpu: 20m
memory: 60Mi
cpu: 1m
memory: 20Mi
command:
- "nfd-worker"
args:

9
clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-gc.yaml
View File

@@ -32,7 +32,7 @@ spec:
hostNetwork: false
containers:
- name: gc
image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3"
image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862"
imagePullPolicy: "IfNotPresent"
livenessProbe:
httpGet:
@@ -54,11 +54,10 @@ spec:
args:
- "-gc-interval=1h"
resources:
limits:
memory: 1Gi
limits: {}
requests:
cpu: 20m
memory: 60Mi
cpu: 1m
memory: 20Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:

11
clusters/cl01tl/manifests/node-feature-discovery/Deployment-node-feature-discovery-master.yaml
View File

@@ -11,7 +11,7 @@ metadata:
app.kubernetes.io/managed-by: Helm
role: master
spec:
replicas: 2
replicas: 1
revisionHistoryLimit:
selector:
matchLabels:
@@ -42,7 +42,7 @@ spec:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3"
image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862"
imagePullPolicy: IfNotPresent
startupProbe:
httpGet:
@@ -69,11 +69,10 @@ spec:
command:
- "nfd-master"
resources:
limits:
memory: 4Gi
limits: {}
requests:
cpu: 20m
memory: 60Mi
cpu: 10m
memory: 20Mi
args:
- "-enable-leader-election"
- "-feature-gates=NodeFeatureGroupAPI=true"

9
clusters/cl01tl/manifests/node-feature-discovery/Job-node-feature-discovery-prune.yaml
View File

@@ -34,7 +34,7 @@ spec:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
image: "registry.k8s.io/nfd/node-feature-discovery:v0.18.3"
image: "gcr.io/k8s-staging-nfd/node-feature-discovery:v0.18.3@sha256:f9ef2ebee55141a1758d3c0a87bb701f5db2adf6856f7218b11bc2bac7b63862"
imagePullPolicy: IfNotPresent
command:
- "nfd-master"
@@ -56,8 +56,7 @@ spec:
key: node-role.kubernetes.io/control-plane
operator: Exists
resources:
limits:
memory: 4Gi
limits: {}
requests:
cpu: 20m
memory: 60Mi
cpu: 10m
memory: 20Mi