add render manifest workflow

clusters/cl01tl/helm/code-server/Chart.yaml

@@ -0,0 +1,28 @@
+apiVersion: v2
+name: code-server
+version: 1.0.0
+description: Code Server
+keywords:
+  - code-server
+  - code
+  - ide
+home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
+sources:
+  - https://github.com/coder/code-server
+  - https://github.com/cloudflare/cloudflared
+  - https://hub.docker.com/r/linuxserver/code-server
+  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
+  - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: app-template
+    alias: code-server
+    repository: https://bjw-s-labs.github.io/helm-charts/
+    version: 4.4.0
+  - name: cloudflared
+    alias: cloudflared
+    repository: oci://harbor.alexlebens.net/helm-charts
+    version: 1.23.0
+icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
+appVersion: 4.100.2

clusters/cl01tl/helm/code-server/templates/external-secret.yaml

@@ -0,0 +1,51 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: codeserver-password-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: codeserver-password-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/code-server/auth
+        metadataPolicy: None
+        property: PASSWORD
+    - secretKey: SUDO_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/code-server/auth
+        metadataPolicy: None
+        property: SUDO_PASSWORD
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: code-server-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: code-server-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/codeserver
+        metadataPolicy: None
+        property: token

clusters/cl01tl/helm/code-server/templates/http-route.yaml

@@ -0,0 +1,28 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-code-server
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-code-server
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - code-server.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: code-server
+          port: 8443
+          weight: 100

clusters/cl01tl/helm/code-server/templates/persistent-volume-claim.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: code-server-nfs-storage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: code-server-nfs-storage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  volumeMode: Filesystem
+  storageClassName: nfs-client
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi

clusters/cl01tl/helm/code-server/values.yaml

@@ -0,0 +1,47 @@
+code-server:
+  controllers:
+    main:
+      type: deployment
+      replicas: 1
+      strategy: Recreate
+      revisionHistoryLimit: 3
+      containers:
+        main:
+          image:
+            repository: ghcr.io/linuxserver/code-server
+            tag: 4.106.2@sha256:a98afdbcb59559f11e5e8df284062e55da1076b2e470e13db4aae133ea82bad0
+            pullPolicy: IfNotPresent
+          env:
+            - name: TZ
+              value: US/Central
+            - name: PUID
+              value: 1000
+            - name: PGID
+              value: 1000
+            - name: DEFAULT_WORKSPACE
+              value: /config
+          envFrom:
+            - secretRef:
+                name: codeserver-password-secret
+          resources:
+            requests:
+              cpu: 10m
+              memory: 128Mi
+  service:
+    main:
+      controller: main
+      ports:
+        http:
+          port: 8443
+          targetPort: 8443
+          protocol: HTTP
+  persistence:
+    config:
+      existingClaim: code-server-nfs-storage
+      advancedMounts:
+        main:
+          main:
+            - path: /config
+              readOnly: false
+cloudflared:
+  existingSecretName: code-server-cloudflared-secret