add render manifest workflow

clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml

@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: homepage
+subjects:
+  - kind: ServiceAccount
+    name: homepage
+    namespace: {{ .Release.Namespace }}

clusters/cl01tl/helm/homepage/templates/cluster-role.yaml

@@ -0,0 +1,50 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - nodes
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - extensions
+      - networking.k8s.io
+    resources:
+      - ingresses
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - traefik.io
+    resources:
+      - ingressroutes
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - gateway.networking.k8s.io
+    resources:
+      - httproutes
+      - gateways
+    verbs:
+      - get
+      - list
+  - apiGroups:
+      - metrics.k8s.io
+    resources:
+      - nodes
+      - pods
+    verbs:
+      - get
+      - list

clusters/cl01tl/helm/homepage/templates/external-secret.yaml

@@ -0,0 +1,105 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: homepage-keys-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: homepage-keys-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: HOMEPAGE_VAR_SYNOLOGY_USER
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /synology/auth/cl01tl
+        metadataPolicy: None
+        property: user
+    - secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /synology/auth/cl01tl
+        metadataPolicy: None
+        property: password
+    - secretKey: HOMEPAGE_VAR_UNIFI_USER
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /unifi/auth/cl01tl
+        metadataPolicy: None
+        property: user
+    - secretKey: HOMEPAGE_VAR_UNIFI_PASSWORD
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /unifi/auth/cl01tl
+        metadataPolicy: None
+        property: password
+    - secretKey: HOMEPAGE_VAR_SONARR_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/sonarr4/key
+        metadataPolicy: None
+        property: key
+    - secretKey: HOMEPAGE_VAR_SONARR4K_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/sonarr4-4k/key
+        metadataPolicy: None
+        property: key
+    - secretKey: HOMEPAGE_VAR_SONARRANIME_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/sonarr4-anime/key
+        metadataPolicy: None
+        property: key
+    - secretKey: HOMEPAGE_VAR_RADARR_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/radarr5/key
+        metadataPolicy: None
+        property: key
+    - secretKey: HOMEPAGE_VAR_RADARR4K_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/radarr5-4k/key
+        metadataPolicy: None
+        property: key
+    - secretKey: HOMEPAGE_VAR_RADARRANIME_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/radarr5-anime/key
+        metadataPolicy: None
+        property: key
+    - secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/radarr5-standup/key
+        metadataPolicy: None
+        property: key
+    - secretKey: HOMEPAGE_VAR_LIDARR_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/lidarr2/key
+        metadataPolicy: None
+        property: key
+    - secretKey: HOMEPAGE_VAR_PROWLARR_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/prowlarr/key
+        metadataPolicy: None
+        property: key

clusters/cl01tl/helm/homepage/templates/http-route.yaml

@@ -0,0 +1,28 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-homepage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-homepage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - home.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: homepage
+          port: 80
+          weight: 100

clusters/cl01tl/helm/homepage/templates/service.yaml

@@ -0,0 +1,46 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-ps10rp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: gitea-ps10rp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    tailscale.com/tailnet-fqdn: gitea-ps10rp.boreal-beaufort.ts.net
+spec:
+  externalName: placeholder
+  type: ExternalName
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: home-ps10rp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: home-ps10rp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    tailscale.com/tailnet-fqdn: home-ps10rp.boreal-beaufort.ts.net
+spec:
+  externalName: placeholder
+  type: ExternalName
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: garage-ui-ps10rp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: garage-ps10rp
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+  annotations:
+    tailscale.com/tailnet-fqdn: garage-ui-ps10rp.boreal-beaufort.ts.net
+spec:
+  externalName: placeholder
+  type: ExternalName