alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 7 Actions Activity

feat: refactor apps
Some checks failed
lint-test-helm / lint-helm (pull_request) Failing after 18s
Details
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
Details

Browse Source
This commit is contained in:
Alex Lebens
2026-04-02 20:25:22 -05:00
parent 98e796a79f
commit d9e1766527
9 changed files with 33 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
clusters/cl01tl/helm/kiwix/Chart.yaml
View File

@@ -5,7 +5,7 @@ description: Kiwix
keywords: keywords:
- kiwix - kiwix
- wikipedia - wikipedia
home: https://wiki.alexlebens.dev/s/16eaaf92-3607-421f-bc66-cb3c39eeaea0 home: https://docs.alexlebens.dev/applications/kiwix/
sources: sources:
- https://github.com/kiwix - https://github.com/kiwix
- https://github.com/kiwix/kiwix-tools/pkgs/container/kiwix-serve - https://github.com/kiwix/kiwix-tools/pkgs/container/kiwix-serve

14
clusters/cl01tl/helm/kiwix/values.yaml
View File

@@ -4,13 +4,11 @@ kiwix:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/kiwix/kiwix-serve repository: ghcr.io/kiwix/kiwix-serve
tag: 3.8.2 tag: 3.8.2@sha256:acdab28186a66b51bfd4202210c6732931ea95cf41c711148a0c9770b9fcc9e1
pullPolicy: IfNotPresent
args: args:
- '*.zim' - '*.zim'
env: env:
@@ -18,8 +16,8 @@ kiwix:
value: 8080 value: 8080
resources: resources:
requests: requests:
cpu: 50m cpu: 1m
memory: 512Mi memory: 10Mi
service: service:
main: main:
controller: main controller: main
@@ -27,7 +25,6 @@ kiwix:
http: http:
port: 80 port: 80
targetPort: 8080 targetPort: 8080
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -40,11 +37,8 @@ kiwix:
- kiwix.alexlebens.net - kiwix.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: kiwix
kind: Service
name: kiwix
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

12
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -4,16 +4,16 @@ version: 1.0.0
description: Komodo description: Komodo
keywords: keywords:
- komodo - komodo
- deployment - docker-deployment
- dashboard home: https://docs.alexlebens.dev/applications/komodo/
- docker-compose
home: https://wiki.alexlebens.dev/s/bb7eb683-b5c7-4f50-9f2c-e8e57dc67c81
sources: sources:
- https://github.com/moghtech/komodo - https://github.com/moghtech/komodo
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/FerretDB/FerretDB
- https://github.com/moghtech/komodo/pkgs/container/komodo-core - https://github.com/moghtech/komodo/pkgs/container/komodo-core
- https://github.com/ferretdb/FerretDB/pkgs/container/ferretdb
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgresql-17-fdb-cluster alias: postgresql-17-fdb-cluster
version: 7.10.0 version: 7.11.1
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-keys alias: volsync-target-keys

21
clusters/cl01tl/helm/komodo/templates/external-secret.yaml
View File

@@ -14,38 +14,23 @@ spec:
data: data:
- secretKey: passkey - secretKey: passkey
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/config key: /cl01tl/komodo/config
metadataPolicy: None
property: passkey property: passkey
- secretKey: jwt - secretKey: jwt
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/config key: /cl01tl/komodo/config
metadataPolicy: None
property: jwt property: jwt
- secretKey: webhook - secretKey: webhook
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/config key: /cl01tl/komodo/config
metadataPolicy: None
property: webhook property: webhook
- secretKey: oidc-client-id - secretKey: oidc-client-id
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/komodo key: /authentik/oidc/komodo
metadataPolicy: None
property: client property: client
- secretKey: oidc-client-secret - secretKey: oidc-client-secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/komodo key: /authentik/oidc/komodo
metadataPolicy: None
property: secret property: secret
--- ---
@@ -65,15 +50,9 @@ spec:
data: data:
- secretKey: uri - secretKey: uri
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/ferret key: /cl01tl/komodo/ferret
metadataPolicy: None
property: uri property: uri
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/komodo/ferret key: /cl01tl/komodo/ferret
metadataPolicy: None
property: password property: password

48
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -10,7 +10,6 @@ komodo:
image: image:
repository: ghcr.io/moghtech/komodo-core repository: ghcr.io/moghtech/komodo-core
tag: 2.1.1@sha256:2bbbb1efd3534211dac35091e0818f10398d9bdd98fdbf0ddef09e9e0b5ec4ba tag: 2.1.1@sha256:2bbbb1efd3534211dac35091e0818f10398d9bdd98fdbf0ddef09e9e0b5ec4ba
pullPolicy: IfNotPresent
env: env:
- name: COMPOSE_LOGGING_DRIVER - name: COMPOSE_LOGGING_DRIVER
value: local value: local
@@ -45,7 +44,7 @@ komodo:
- name: KOMODO_LOCAL_AUTH - name: KOMODO_LOCAL_AUTH
value: true value: true
- name: KOMODO_ENABLE_NEW_USERS - name: KOMODO_ENABLE_NEW_USERS
value: true value: false
- name: KOMODO_DISABLE_NON_ADMIN_CREATE - name: KOMODO_DISABLE_NON_ADMIN_CREATE
value: true value: true
- name: KOMODO_TRANSPARENT_MODE - name: KOMODO_TRANSPARENT_MODE
@@ -82,18 +81,16 @@ komodo:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 128Mi memory: 80Mi
ferretdb-2: ferretdb-2:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/ferretdb/ferretdb repository: ghcr.io/ferretdb/ferretdb
tag: 2.7.0 tag: 2.7.0@sha256:5706414241eb84f0515512c37b46db0f1b1eac9e5ceb7e4c2523211c184b1985
pullPolicy: IfNotPresent
env: env:
- name: DB_USERNAME - name: DB_USERNAME
value: ferret value: ferret
@@ -106,8 +103,8 @@ komodo:
value: postgresql://$(DB_USERNAME):$(DB_PASSWORD)@komodo-postgresql-17-fdb-cluster-rw.komodo.svc.cluster.local:5432/ferretDB value: postgresql://$(DB_USERNAME):$(DB_PASSWORD)@komodo-postgresql-17-fdb-cluster-rw.komodo.svc.cluster.local:5432/ferretDB
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 128Mi memory: 20Mi
service: service:
main: main:
controller: main controller: main
@@ -115,14 +112,12 @@ komodo:
http: http:
port: 80 port: 80
targetPort: 9120 targetPort: 9120
protocol: HTTP
ferretdb-2: ferretdb-2:
controller: ferretdb-2 controller: ferretdb-2
ports: ports:
http: http:
port: 27017 port: 27017
targetPort: 27017 targetPort: 27017
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute
@@ -135,11 +130,8 @@ komodo:
- komodo.alexlebens.net - komodo.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- group: '' - name: komodo-main
kind: Service
name: komodo-main
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -150,7 +142,6 @@ komodo:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -160,7 +151,6 @@ komodo:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -170,7 +160,6 @@ komodo:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -182,7 +171,7 @@ postgresql-17-fdb-cluster:
cluster: cluster:
image: image:
repository: ghcr.io/ferretdb/postgres-documentdb repository: ghcr.io/ferretdb/postgres-documentdb
tag: "17-0.106.0-ferretdb-2.5.0" tag: 17-0.107.0-ferretdb-2.7.0@sha256:2386795ec2aa7ae559304361979f1dc5708d383ee9020ae63dadc2940dfe58f7
postgresUID: 999 postgresUID: 999
postgresGID: 999 postgresGID: 999
postgresql: postgresql:
@@ -224,35 +213,12 @@ postgresql-17-fdb-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 50 14 * * *" schedule: "0 50 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
volsync-target-keys: volsync-target-keys:
pvcTarget: komodo-keys pvcTarget: komodo-keys
local: local:

8
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 82.16.1 version: 82.16.2
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.5.0
digest: sha256:ece31be37d2fa7c7c59058e2d47e8190bea3baa742b4f04fe793956cd2d52f7f digest: sha256:6f3598d0d38a17736419fe8d0e5e0899b774d91c38ef9a4f87743f81c729584c
generated: "2026-04-02T07:03:55.367235416Z" generated: "2026-04-02T20:00:01.560565-05:00"

12
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -5,17 +5,15 @@ description: Kube Prometheus Stack
keywords: keywords:
- kube-prometheus-stack - kube-prometheus-stack
- prometheus - prometheus
- alertmanager home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/
- metrics
- alerts
- kubernetes
home: https://wiki.alexlebens.dev/s/cd9fc3a4-aa88-4285-8886-91a6c5aecf7d
sources: sources:
- https://github.com/prometheus/prometheus - https://github.com/prometheus/prometheus
- https://github.com/prometheus-operator/kube-prometheus - https://github.com/prometheus-operator/kube-prometheus
- https://github.com/alexbakker/alertmanager-ntfy - https://git.xenrox.net/~xenrox/ntfy-alertmanager/
- https://hub.docker.com/r/xenrox/ntfy-alertmanager
- https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack - https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
- https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -28,7 +26,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.4.0 version: 0.5.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator

12
clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml
View File

@@ -14,10 +14,7 @@ spec:
data: data:
- secretKey: ntfy_password - secretKey: ntfy_password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
metadataPolicy: None
property: ntfy_password property: ntfy_password
--- ---
@@ -37,10 +34,7 @@ spec:
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/token key: /garage/token
metadataPolicy: None
property: metric property: metric
--- ---
@@ -60,15 +54,9 @@ spec:
data: data:
- secretKey: ntfy_password - secretKey: ntfy_password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
metadataPolicy: None
property: ntfy_password property: ntfy_password
- secretKey: config - secretKey: config
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager
metadataPolicy: None
property: config property: config

38
clusters/cl01tl/helm/kube-prometheus-stack/values.yaml
View File

@@ -9,10 +9,8 @@ kube-prometheus-stack:
kubeSchedulerRecording: false kubeSchedulerRecording: false
global: global:
rbac: rbac:
create: true
createAggregateClusterRoles: true createAggregateClusterRoles: true
alertmanager: alertmanager:
enabled: true
config: config:
route: route:
group_by: ["namespace", "alertname"] group_by: ["namespace", "alertname"]
@@ -36,8 +34,6 @@ kube-prometheus-stack:
route: route:
main: main:
enabled: true enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames: hostnames:
- alertmanager.alexlebens.net - alertmanager.alexlebens.net
parentRefs: parentRefs:
@@ -45,14 +41,9 @@ kube-prometheus-stack:
kind: Gateway kind: Gateway
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
matches:
- path:
type: PathPrefix
value: /
alertmanagerSpec: alertmanagerSpec:
secrets: secrets:
- alertmanager-config-secret - alertmanager-config-secret
replicas: 1
grafana: grafana:
enabled: false enabled: false
kubeApiServer: kubeApiServer:
@@ -61,11 +52,13 @@ kube-prometheus-stack:
kubeControllerManager: kubeControllerManager:
enabled: false enabled: false
kubeEtcd: kubeEtcd:
enabled: true
service: service:
selector: selector:
k8s-app: kube-controller-manager k8s-app: kube-controller-manager
serviceMonitor: serviceMonitor:
metricRelabelings:
- action: labeldrop
regex: pod
relabelings: relabelings:
- sourceLabels: [__meta_kubernetes_pod_node_name] - sourceLabels: [__meta_kubernetes_pod_node_name]
separator: ; separator: ;
@@ -73,22 +66,12 @@ kube-prometheus-stack:
targetLabel: nodename targetLabel: nodename
replacement: $1 replacement: $1
action: replace action: replace
metricRelabelings:
- action: labeldrop
regex: pod
kubeScheduler: kubeScheduler:
enabled: false enabled: false
kubeProxy: kubeProxy:
enabled: false enabled: false
kubeStateMetrics:
enabled: true
nodeExporter:
operatingSystems:
darwin:
enabled: false
prometheusOperator: prometheusOperator:
admissionWebhooks: admissionWebhooks:
enabled: true
annotations: annotations:
argocd.argoproj.io/hook: PreSync argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: HookSucceeded argocd.argoproj.io/hook-delete-policy: HookSucceeded
@@ -106,8 +89,6 @@ kube-prometheus-stack:
route: route:
main: main:
enabled: true enabled: true
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
hostnames: hostnames:
- prometheus.alexlebens.net - prometheus.alexlebens.net
parentRefs: parentRefs:
@@ -115,13 +96,10 @@ kube-prometheus-stack:
kind: Gateway kind: Gateway
name: traefik-gateway name: traefik-gateway
namespace: traefik namespace: traefik
matches:
- path:
type: PathPrefix
value: /
prometheusSpec: prometheusSpec:
scrapeInterval: 30s scrapeInterval: 30s
retention: 30d retention: 45d
retentionSize: 240Gi
externalUrl: https://prometheus.alexlebens.net externalUrl: https://prometheus.alexlebens.net
ruleSelectorNilUsesHelmValues: false ruleSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false
@@ -142,14 +120,11 @@ ntfy-alertmanager:
main: main:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: xenrox/ntfy-alertmanager repository: xenrox/ntfy-alertmanager
tag: 1.0.0 tag: 1.0.0@sha256:81788c7905774b7b0b2ed6833b2bc4826a90a42e4b738706edcedd5f489e7a73
pullPolicy: IfNotPresent
service: service:
main: main:
controller: main controller: main
@@ -157,7 +132,6 @@ ntfy-alertmanager:
http: http:
port: 80 port: 80
targetPort: 8080 targetPort: 8080
protocol: HTTP
persistence: persistence:
config: config:
enabled: true enabled: true