alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

feat: migration to v5 accounts
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 37s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 37s
Details
render-manifests / render-manifests (pull_request) Successful in 1m29s
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-05-07 16:22:10 -05:00
parent e81ba80386
commit ce9a289aec
11 changed files with 20 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -8,8 +8,6 @@ homepage:
strategy: Recreate
annotations:
reloader.stakater.com/auto: "true"
serviceAccount:
name: homepage
pod:
automountServiceAccountToken: true
containers:
@@ -27,10 +25,6 @@ homepage:
requests:
cpu: 1m
memory: 128Mi
serviceAccount:
homepage:
enabled: true
staticToken: true
configMaps:
config:
enabled: true

8
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -4,8 +4,8 @@ immich:
type: deployment
replicas: 1
strategy: Recreate
serviceAccount:
name: immich
pod:
automountServiceAccountToken: true
containers:
main:
image:
@@ -88,10 +88,6 @@ immich:
gpu.intel.com/i915: 1
cpu: 10m
memory: 500Mi
serviceAccount:
immich:
enabled: true
staticToken: true
service:
main:
controller: main

8
clusters/cl01tl/helm/isponsorblocktv/values.yaml
View File

@@ -4,8 +4,8 @@ isponsorblocktv:
type: deployment
replicas: 1
strategy: Recreate
serviceAccount:
name: isponsorblocktv
pod:
automountServiceAccountToken: true
containers:
main:
image:
@@ -15,10 +15,6 @@ isponsorblocktv:
requests:
cpu: 1m
memory: 20Mi
serviceAccount:
isponsorblocktv:
enabled: true
staticToken: true
persistence:
config:
type: custom

8
clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
View File

@@ -121,17 +121,13 @@ ntfy-alertmanager:
type: deployment
replicas: 1
strategy: Recreate
serviceAccount:
name: ntfy-alertmanager
pod:
automountServiceAccountToken: true
containers:
main:
image:
repository: xenrox/ntfy-alertmanager
tag: 1.0.0@sha256:81788c7905774b7b0b2ed6833b2bc4826a90a42e4b738706edcedd5f489e7a73
serviceAccount:
ntfy-alertmanager:
enabled: true
staticToken: true
service:
main:
controller: main

6
clusters/cl01tl/helm/kubelet-serving-cert-approver/values.yaml
View File

@@ -29,8 +29,6 @@ kubelet-serving-cert-approver:
type: deployment
replicas: 1
strategy: Recreate
serviceAccount:
name: kubelet-serving-cert-approver
pod:
automountServiceAccountToken: true
containers:
@@ -57,10 +55,6 @@ kubelet-serving-cert-approver:
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
serviceAccount:
kubelet-serving-cert-approver:
enabled: true
staticToken: true
service:
main:
controller: main

2
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -176,8 +176,6 @@ matrix-hookshot:
type: deployment
replicas: 1
strategy: Recreate
serviceAccount:
name: matrix-synapse
containers:
main:
image:

8
clusters/cl01tl/helm/qbittorrent/values.yaml
View File

@@ -130,8 +130,8 @@ qbittorrent:
reloader.stakater.com/auto: "true"
replicas: 1
strategy: Recreate
serviceAccount:
name: qbittorrent
pod:
automountServiceAccountToken: true
initContainers:
init-copy-config:
image:
@@ -229,10 +229,6 @@ qbittorrent:
requests:
cpu: 10m
memory: 70Mi
serviceAccount:
qbittorrent:
enabled: true
staticToken: true
service:
main:
controller: main

5
clusters/cl01tl/helm/searxng/values.yaml
View File

@@ -4,8 +4,8 @@ searxng:
type: deployment
replicas: 1
strategy: Recreate
serviceAccount:
name: searxng
pod:
automountServiceAccountToken: true
containers:
main:
image:
@@ -63,6 +63,7 @@ searxng:
serviceAccount:
searxng:
enabled: true
staticToken: true
service:
api:
controller: api

6
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -4,9 +4,8 @@ slskd:
type: deployment
replicas: 1
strategy: Recreate
serviceAccount:
name: slskd
pod:
automountServiceAccountToken: true
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
@@ -109,9 +108,6 @@ slskd:
devic.es/tun: "1"
requests:
devic.es/tun: "1"
serviceAccount:
slskd:
enabled: true
service:
main:
controller: main

18
clusters/cl01tl/helm/talos/values.yaml
View File

@@ -3,6 +3,7 @@ etcd-backup:
local:
type: cronjob
pod:
automountServiceAccountToken: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
@@ -15,8 +16,6 @@ etcd-backup:
schedule: 0 2 * * *
backoffLimit: 3
parallelism: 1
serviceAccount:
name: talos-backup
containers:
backup:
image:
@@ -91,6 +90,7 @@ etcd-backup:
remote:
type: cronjob
pod:
automountServiceAccountToken: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
@@ -103,8 +103,6 @@ etcd-backup:
schedule: 0 3 * * *
backoffLimit: 3
parallelism: 1
serviceAccount:
name: talos-backup
containers:
backup:
image:
@@ -179,6 +177,7 @@ etcd-backup:
external:
type: cronjob
pod:
automountServiceAccountToken: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
@@ -191,8 +190,6 @@ etcd-backup:
schedule: 0 4 * * *
backoffLimit: 3
parallelism: 1
serviceAccount:
name: talos-backup
containers:
backup:
image:
@@ -387,6 +384,7 @@ etcd-defrag:
defrag-1:
type: cronjob
pod:
automountServiceAccountToken: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
@@ -399,8 +397,6 @@ etcd-defrag:
schedule: 0 0 * * 0
backoffLimit: 3
parallelism: 1
serviceAccount:
name: talos-defrag
containers:
main:
image:
@@ -417,6 +413,7 @@ etcd-defrag:
defrag-2:
type: cronjob
pod:
automountServiceAccountToken: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
@@ -429,8 +426,6 @@ etcd-defrag:
schedule: 10 0 * * 0
backoffLimit: 3
parallelism: 1
serviceAccount:
name: talos-defrag
containers:
main:
image:
@@ -447,6 +442,7 @@ etcd-defrag:
defrag-3:
type: cronjob
pod:
automountServiceAccountToken: true
nodeSelector:
node-role.kubernetes.io/control-plane: ""
tolerations:
@@ -459,8 +455,6 @@ etcd-defrag:
schedule: 20 0 * * 0
backoffLimit: 3
parallelism: 1
serviceAccount:
name: talos-defrag
containers:
main:
image:

4
clusters/cl01tl/helm/vault/values.yaml
View File

@@ -101,14 +101,14 @@ snapshot:
controllers:
snapshot:
type: cronjob
pod:
automountServiceAccountToken: true
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 4 * * *
backoffLimit: 3
parallelism: 1
serviceAccount:
name: vault
initContainers:
snapshot:
image: