alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Activity

chore: Update manifests after change

Browse Source
This commit is contained in:
Gitea
2026-03-30 01:44:01 +00:00
parent 9492f0989a
commit d783406b89
10 changed files with 23 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-secret.yaml
View File

@@ -14,85 +14,49 @@ spec:
data:
- secretKey: HARBOR_ADMIN_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password
- secretKey: secretKey
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey
- secretKey: CSRF_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: CSRF_KEY
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: secret
- secretKey: tls.crt
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.crt
- secretKey: tls.key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.key
- secretKey: JOBSERVICE_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/jobservice
metadataPolicy: None
property: JOBSERVICE_SECRET
- secretKey: REGISTRY_HTTP_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTTP_SECRET
- secretKey: REGISTRY_REDIS_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_REDIS_PASSWORD
- secretKey: REGISTRY_HTPASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTPASSWD
- secretKey: REGISTRY_CREDENTIAL_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD
- secretKey: REGISTRY_PASSWD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD

2
clusters/cl01tl/manifests/harbor/StatefulSet-harbor-trivy.yaml
View File

@@ -46,7 +46,7 @@ spec:
automountServiceAccountToken: false
containers:
- name: trivy
image: goharbor/trivy-adapter-photon:v2.14.3
image: ghcr.io/goharbor/trivy-adapter-photon:v2.15.0@sha256:6fd6de9cfbbb04cb1d94722cfa01cf71b8994d3f9e7891d3b03a89a7536480ba
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false

6
clusters/cl01tl/manifests/headlamp/Deployment-headlamp.yaml
View File

@@ -32,7 +32,7 @@ spec:
runAsGroup: 101
runAsNonRoot: true
runAsUser: 100
image: "ghcr.io/headlamp-k8s/headlamp:v0.41.0"
image: "ghcr.io/headlamp-k8s/headlamp:v0.41.0@sha256:89c6c65810bfde61796483c93c70d659104355593792bf55cab680d685da8eeb"
imagePullPolicy: IfNotPresent
envFrom:
- secretRef:
@@ -60,8 +60,8 @@ spec:
port: http
resources:
requests:
cpu: 10m
memory: 128Mi
cpu: 1m
memory: 80Mi
volumeMounts:
- name: plugins-dir
mountPath: /headlamp/plugins

18
clusters/cl01tl/manifests/headlamp/ExternalSecret-headlamp-oidc-secret.yaml
View File

@@ -14,43 +14,25 @@ spec:
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: secret
- secretKey: OIDC_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: issuer
- secretKey: OIDC_SCOPES
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-client-id

16
clusters/cl01tl/manifests/headlamp/HTTPRoute-headlamp.yaml
View File

@@ -4,9 +4,11 @@ metadata:
name: headlamp
namespace: headlamp
labels:
helm.sh/chart: headlamp-0.41.0
app.kubernetes.io/name: headlamp
app.kubernetes.io/instance: headlamp
app.kubernetes.io/part-of: headlamp
app.kubernetes.io/version: "0.41.0"
app.kubernetes.io/managed-by: Helm
spec:
parentRefs:
- group: gateway.networking.k8s.io
@@ -16,13 +18,13 @@ spec:
hostnames:
- headlamp.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
- backendRefs:
- group: ""
kind: Service
name: headlamp
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /

19
clusters/cl01tl/manifests/home-assistant/Deployment-home-assistant.yaml
View File

@@ -29,6 +29,9 @@ spec:
enableServiceLinks: false
serviceAccountName: default
automountServiceAccountToken: true
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
hostIPC: false
hostNetwork: false
hostPID: false
@@ -36,7 +39,7 @@ spec:
containers:
- env:
- name: TZ
value: US/Central
value: America/Chicago
- name: PUID
value: "1000"
- name: PGID
@@ -47,25 +50,19 @@ spec:
- secretRef:
name: home-assistant-code-server-password-secret
image: ghcr.io/linuxserver/code-server:4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
imagePullPolicy: IfNotPresent
name: code-server
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts:
- mountPath: /config/home-assistant
name: config
- env:
- name: TZ
value: US/Central
image: ghcr.io/home-assistant/home-assistant:2026.3.4
imagePullPolicy: IfNotPresent
value: America/Chicago
image: ghcr.io/home-assistant/home-assistant:2026.3.4@sha256:916682086154a7390114a9788782b8efb199852d4f7d47066722c2bc5d1829e6
name: main
resources:
requests:
cpu: 50m
memory: 512Mi
cpu: 1m
memory: 400Mi
volumeMounts:
- mountPath: /config
name: config

6
clusters/cl01tl/manifests/home-assistant/ExternalSecret-home-assistant-code-server-password-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD

3
clusters/cl01tl/manifests/home-assistant/ExternalSecret-home-assistant-token-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data:
- secretKey: bearer-token
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/auth
metadataPolicy: None
property: bearer-token

2
clusters/cl01tl/manifests/home-assistant/HTTPRoute-home-assistant-code-server.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: home-assistant-code-server
namespace: home-assistant
port: 8443
weight: 100
weight: 1
matches:
- path:
type: PathPrefix

2
clusters/cl01tl/manifests/home-assistant/HTTPRoute-home-assistant-main.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: home-assistant-main
namespace: home-assistant
port: 80
weight: 100
weight: 1
matches:
- path:
type: PathPrefix