Merge pull request 'feat: use helper' (#6104) from tmp/secrets-3 into main

Reviewed-on: #6104

clusters/cl01tl/helm/argocd/templates/_helpers.tpl

@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}

clusters/cl01tl/helm/argocd/templates/external-secret.yaml

@@ -4,9 +4,8 @@ metadata:
   name: argocd-oidc-authentik
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: argocd-oidc-authentik
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -28,9 +27,8 @@ metadata:
   name: argocd-notifications-ntfy
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: argocd-notifications-ntfy
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl

@@ -0,0 +1,27 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.booksNfsName" -}}
+audiobookshelf-books-nfs-storage
+{{- end -}}
+{{- define "custom.audiobooksNfsName" -}}
+audiobookshelf-audiobooks-nfs-storage
+{{- end -}}
+{{- define "custom.podcastsNfsName" -}}
+audiobookshelf-podcasts-nfs-storage
+{{- end -}}

clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml

@@ -4,9 +4,8 @@ metadata:
   name: audiobookshelf-config-apprise
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: audiobookshelf-config-apprise
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml

@@ -1,14 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: audiobookshelf-books-nfs-storage
+  name: {{ include "custom.booksNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.booksNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{ include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{ .Template.Name }}
+  volumeName: {{ include "custom.booksNfsName" . }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany
@@ -20,14 +19,13 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: audiobookshelf-audiobooks-nfs-storage
+  name: {{ include "custom.audiobooksNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.audiobooksNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{ .Template.Name }}
+  volumeName: {{ include "custom.audiobooksNfsName" . }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany
@@ -39,14 +37,13 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: audiobookshelf-podcasts-nfs-storage
+  name: {{ include "custom.podcastsNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.podcastsNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{ .Template.Name }}
+  volumeName: {{ include "custom.podcastsNfsName" . }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany

clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml

@@ -1,12 +1,11 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: audiobookshelf-books-nfs-storage
+  name: {{ include "custom.booksNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.booksNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client
@@ -26,12 +25,11 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: audiobookshelf-audiobooks-nfs-storage
+  name: {{ include "custom.audiobooksNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.audiobooksNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client
@@ -51,12 +49,11 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: audiobookshelf-podcasts-nfs-storage
+  name: {{ include "custom.podcastsNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.podcastsNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client

clusters/cl01tl/helm/authentik/templates/_helpers.tpl

@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}

clusters/cl01tl/helm/authentik/templates/external-secret.yaml

@@ -4,9 +4,8 @@ metadata:
   name: authentik-key
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: authentik-key
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/authentik/templates/ingress.yaml

@@ -1,13 +1,12 @@
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: authentik-tailscale
+  name: {{ .Release.Name }}-tailscale
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ .Release.Name }}-tailscale
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
     tailscale.com/proxy-class: no-metrics
+    {{- include "custom.labels" . | nindent 4 }}
   annotations:
     tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
 spec:

clusters/cl01tl/helm/authentik/templates/reference-grant.yaml

@@ -4,9 +4,8 @@ metadata:
   name: allow-outpost-cross-namespace-access
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: allow-outpost-cross-namespace-access
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   from:
     - group: gateway.networking.k8s.io

clusters/cl01tl/helm/backrest/templates/_helpers.tpl

@@ -0,0 +1,24 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.storageNfsName" -}}
+backrest-nfs-storage
+{{- end -}}
+{{- define "custom.shareNfsName" -}}
+backrest-nfs-share
+{{- end -}}

clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml

@@ -1,14 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: backrest-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{ .Template.Name }}
+  volumeName: {{ include "custom.storageNfsName" . }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany
@@ -20,14 +19,13 @@ spec:
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: backrest-nfs-share
+  name: {{ include "custom.shareNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.shareNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{ .Template.Name }}
+  volumeName: {{ include "custom.shareNfsName" . }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany

clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml

@@ -1,12 +1,11 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: backrest-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client
@@ -26,12 +25,11 @@ spec:
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: backrest-nfs-share
+  name: {{ include "custom.shareNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.shareNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client

clusters/cl01tl/helm/bazarr/templates/_helpers.tpl

@@ -0,0 +1,21 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.storageNfsName" -}}
+bazarr-nfs-storage
+{{- end -}}

clusters/cl01tl/helm/bazarr/templates/external-secret.yaml

@@ -4,9 +4,8 @@ metadata:
   name: bazarr-key
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: bazarr-key
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml

@@ -1,14 +1,13 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: bazarr-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
-  volumeName: {{ .Template.Name }}
+  volumeName: {{ include "custom.storageNfsName" . }}
   storageClassName: nfs-client
   accessModes:
     - ReadWriteMany

clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml

@@ -1,12 +1,11 @@
 apiVersion: v1
 kind: PersistentVolume
 metadata:
-  name: bazarr-nfs-storage
+  name: {{ include "custom.storageNfsName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   persistentVolumeReclaimPolicy: Retain
   storageClassName: nfs-client

clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl

@@ -0,0 +1,24 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.cloudflareSecretName" -}}
+cert-manager-cloudflare-api-token
+{{- end -}}
+{{- define "custom.cloudflareSecretKey" -}}
+api-token
+{{- end -}}

clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml

@@ -4,9 +4,8 @@ metadata:
   name: letsencrypt-issuer
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: letsencrypt-issuer
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   acme:
     email: alexanderlebens@gmail.com
@@ -22,5 +21,5 @@ spec:
           cloudflare:
             email: alexanderlebens@gmail.com
             apiTokenSecretRef:
-              name: cloudflare-api-token
+              name: {{ include "custom.cloudflareSecretName" . }}
-              key: api-token
+              key: {{ include "custom.cloudflareSecretKey" . }}

clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml

@@ -1,18 +1,17 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
-  name: cloudflare-api-token
+  name: {{ include "custom.cloudflareSecretName" . }}
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: {{ include "custom.cloudflareSecretName" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
     name: openbao
   data:
-    - secretKey: api-token
+    - secretKey: {{ include "custom.cloudflareSecretKey" . }}
       remoteRef:
         key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
         property: token

clusters/cl01tl/helm/cilium/templates/_helpers.tpl

@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}

clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml

@@ -1,19 +0,0 @@
-# apiVersion: cilium.io/v2
-# kind: CiliumBGPAdvertisement
-# metadata:
-#   name: cilium-bgp-advertisements
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: {{ .Template.Name }}
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   advertisements:
-#     - advertisementType: "Service"
-#       service:
-#         addresses:
-#           - ExternalIP
-#           - LoadBalancerIP
-#       selector:
-#         matchExpressions:
-#          - {key: somekey, operator: NotIn, values: ['never-used-value']}

clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml

@@ -1,22 +0,0 @@
-# apiVersion: cilium.io/v2
-# kind: CiliumBGPClusterConfig
-# metadata:
-#   name: cilium-bgp
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: {{ .Template.Name }}
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   nodeSelector:
-#     matchLabels:
-#       node-role.kubernetes.io/bgp: "65020"
-#   bgpInstances:
-#     - name: "65020"
-#       localASN: 65020
-#       peers:
-#         - name: "udm-65000"
-#           peerASN: 65000
-#           peerAddress: 192.168.1.1
-#           peerConfigRef:
-#             name: "cilium-peer"

clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml

@@ -1,23 +0,0 @@
-# apiVersion: cilium.io/v2
-# kind: CiliumBGPPeerConfig
-# metadata:
-#   name: cilium-peer
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: {{ .Template.Name }}
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-# spec:
-#   timers:
-#     holdTimeSeconds: 9
-#     keepAliveTimeSeconds: 3
-#   ebgpMultihop: 4
-#   gracefulRestart:
-#     enabled: true
-#     restartTimeSeconds: 15
-#   families:
-#     - afi: ipv4
-#       safi: unicast
-#       advertisements:
-#         matchLabels:
-#           app.kubernetes.io/name: cilium-bgp-advertisements

clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml

@@ -4,9 +4,8 @@ metadata:
   name: default-ip-pool
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: default-ip-pool
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   blocks:
     - start: "10.232.1.21"
@@ -19,9 +18,8 @@ metadata:
   name: bgp-ip-pool
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: bgp-ip-pool
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   blocks:
     - start: "10.232.2.100"

clusters/cl01tl/helm/cilium/templates/gateway.yaml

@@ -1,45 +0,0 @@
-# apiVersion: gateway.networking.k8s.io/v1
-# kind: Gateway
-# metadata:
-#   name: cilium-tls-gateway
-#   namespace: {{ .Release.Namespace }}
-#   labels:
-#     app.kubernetes.io/name: {{ .Template.Name }}
-#     app.kubernetes.io/instance: {{ .Release.Name }}
-#     app.kubernetes.io/part-of: {{ .Release.Name }}
-#   annotations:
-#     cert-manager.io/cluster-issuer: letsencrypt-issuer
-# spec:
-#   addresses:
-#     - type: IPAddress
-#       value: 10.232.1.23
-#   gatewayClassName: cilium
-#   listeners:
-#     - allowedRoutes:
-#         namespaces:
-#           from: All
-#       hostname: '*.alexlebens.net'
-#       name: https
-#       port: 443
-#       protocol: HTTPS
-#       tls:
-#         certificateRefs:
-#           - group: ''
-#             kind: Secret
-#             name: https-gateway-cert
-#             namespace: kube-system
-#         mode: Terminate
-#     - allowedRoutes:
-#         namespaces:
-#           from: All
-#       hostname: 'alexlebens.net'
-#       name: https-domain
-#       port: 443
-#       protocol: HTTPS
-#       tls:
-#         certificateRefs:
-#           - group: ''
-#             kind: Secret
-#             name: https-gateway-cert
-#             namespace: kube-system
-#         mode: Terminate

clusters/cl01tl/helm/cilium/templates/http-route.yaml

@@ -4,9 +4,8 @@ metadata:
   name: hubble
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: hubble
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   parentRefs:
     - group: gateway.networking.k8s.io

clusters/cl01tl/helm/dawarich/templates/_helpers.tpl

@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}

clusters/cl01tl/helm/dawarich/templates/external-secret.yaml

@@ -4,9 +4,8 @@ metadata:
   name: dawarich-key
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: dawarich-key
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore
@@ -24,9 +23,8 @@ metadata:
   name: dawarich-oidc-authentik
   namespace: {{ .Release.Namespace }}
   labels:
-    app.kubernetes.io/name: {{ .Template.Name }}
+    app.kubernetes.io/name: dawarich-oidc-authentik
-    app.kubernetes.io/instance: {{ .Release.Name }}
+    {{- include "custom.labels" . | nindent 4 }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
 spec:
   secretStoreRef:
     kind: ClusterSecretStore

renovate.json

@@ -89,10 +89,10 @@
     {
       "description": "Specific app grouping overrides",
       "matchPackageNames": [
-        "/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|tdarr|traefik)/",
+        "/(^|/|-)(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|stalwartlabs|tdarr|traefik)/",
         "/^rook(-ceph|/rook|/ceph)/"
       ],
-      "groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|tdarr|traefik).*$' '$1' depName}}}{{/if}}",
+      "groupName": "{{#if packageName}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|stalwartlabs|tdarr|traefik).*$' '$1' packageName}}}{{else}}{{{replace '^.*(argo-cd|bazarr|cilium|dawarich|element-web|home-assistant|immich|komodo|plex|postiz|prowlarr|radarr|rook-ceph|roundcube|rybbit|sonarr|sparkyfitness|stalwartlabs|tdarr|traefik).*$' '$1' depName}}}{{/if}}",
       "groupSlug": "unified-{{{groupName}}}"
     },
     {