From e4f89964770009b6911707223326d5c0d94d3dac Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Tue, 7 Apr 2026 19:43:43 -0500 Subject: [PATCH] feat: refactor apps --- clusters/cl01tl/helm/tdarr/Chart.yaml | 8 ++-- clusters/cl01tl/helm/tdarr/values.yaml | 38 +++++++---------- clusters/cl01tl/helm/traefik/Chart.yaml | 7 ++-- clusters/cl01tl/helm/traefik/values.yaml | 41 +++++++++++++++---- clusters/cl01tl/helm/tubearchivist/Chart.lock | 6 +-- clusters/cl01tl/helm/tubearchivist/Chart.yaml | 12 +++--- .../templates/external-secret.yaml | 27 ------------ .../cl01tl/helm/tubearchivist/values.yaml | 25 ++++------- 8 files changed, 71 insertions(+), 93 deletions(-) diff --git a/clusters/cl01tl/helm/tdarr/Chart.yaml b/clusters/cl01tl/helm/tdarr/Chart.yaml index 6226c16d0..9d88b9b11 100644 --- a/clusters/cl01tl/helm/tdarr/Chart.yaml +++ b/clusters/cl01tl/helm/tdarr/Chart.yaml @@ -5,16 +5,16 @@ description: Tdarr keywords: - tdarr - video - - transcode - - healthchecks -home: https://wiki.alexlebens.dev/s/0a8c0a10-7847-4081-8a4b-5e6ac4cb1d62 +home: https://docs.alexlebens.dev/applications/tdarr/ sources: - https://github.com/HaveAGitGat/Tdarr - https://github.com/homeylab/tdarr-exporter - https://github.com/haveagitgat/Tdarr/pkgs/container/tdarr + - https://github.com/users/haveagitgat/packages/container/package/tdarr_node - https://hub.docker.com/r/homeylab/tdarr-exporter - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/homeylab/helm-charts/tree/main/charts/tdarr-exporter + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -34,5 +34,5 @@ dependencies: version: 0.8.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tdarr.png -# renovate: datasource=github-releases depName=HaveAGitGat/Tdarr +# renovate: datasource=docker depName=ghcr.io/haveagitgat/tdarr appVersion: 2.58.02 diff --git a/clusters/cl01tl/helm/tdarr/values.yaml b/clusters/cl01tl/helm/tdarr/values.yaml index 4c3488969..eab74a6d9 100644 --- a/clusters/cl01tl/helm/tdarr/values.yaml +++ b/clusters/cl01tl/helm/tdarr/values.yaml @@ -4,16 +4,18 @@ tdarr: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: repository: ghcr.io/haveagitgat/tdarr - tag: 2.67.01 - pullPolicy: IfNotPresent + tag: 2.67.01@sha256:dc23becc667f77d2489b1042bd3af87fdd2fd85c2802e126928ef2ced9a8f560 env: - name: TZ - value: US/Central + value: America/Chicago - name: PUID value: "1001" - name: PGID @@ -36,12 +38,11 @@ tdarr: value: "8265" resources: requests: - cpu: 200m - memory: 1Gi + cpu: 500m + memory: 2Gi node: type: statefulset replicas: 3 - revisionHistoryLimit: 3 statefulset: volumeClaimTemplates: - name: transcode-cache @@ -67,11 +68,10 @@ tdarr: main: image: repository: ghcr.io/haveagitgat/tdarr_node - tag: 2.67.01 - pullPolicy: IfNotPresent + tag: 2.67.01@sha256:048ae8ed4de8e9f0de51ad739b2105bee3e4d1a8575120df468cec5f6ef2b1da env: - name: TZ - value: US/Central + value: America/Chicago - name: PUID value: "1001" - name: PGID @@ -96,7 +96,7 @@ tdarr: requests: gpu.intel.com/i915: 1 cpu: 10m - memory: 512Mi + memory: 100Mi service: api: controller: server @@ -104,14 +104,12 @@ tdarr: http: port: 8266 targetPort: 8266 - protocol: HTTP web: controller: server ports: http: port: 8265 targetPort: 8265 - protocol: HTTP route: main: kind: HTTPRoute @@ -124,11 +122,8 @@ tdarr: - tdarr.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: tdarr-web + - name: tdarr-web port: 8265 - weight: 100 matches: - path: type: PathPrefix @@ -139,7 +134,6 @@ tdarr: storageClass: ceph-block accessMode: ReadWriteOnce size: 50Gi - retain: true advancedMounts: server: main: @@ -150,7 +144,6 @@ tdarr: storageClass: ceph-block accessMode: ReadWriteOnce size: 50Gi - retain: true advancedMounts: server: main: @@ -177,8 +170,7 @@ tdarr: tdarr-exporter: image: name: homeylab/tdarr-exporter - # renovate: datasource=docker depName=homeylab/tdarr-exporter - tag: 1.4.3 + tag: 1.4.3@sha256:88254cb505bfff20e86e04fa23a71789a411e7939e3bcbccbd5ef397ff91d052 metrics: serviceMonitor: enabled: true @@ -188,8 +180,8 @@ tdarr-exporter: verify_ssl: false resources: requests: - cpu: 10m - memory: 256Mi + cpu: 1m + memory: 10Mi volsync-target-config: pvcTarget: tdarr-config local: diff --git a/clusters/cl01tl/helm/traefik/Chart.yaml b/clusters/cl01tl/helm/traefik/Chart.yaml index a103073d2..c6b1b8fca 100644 --- a/clusters/cl01tl/helm/traefik/Chart.yaml +++ b/clusters/cl01tl/helm/traefik/Chart.yaml @@ -5,12 +5,11 @@ description: Traefik keywords: - traefik - reverse-proxy - - tls - - kubernetes -home: https://wiki.alexlebens.dev/s/541ec45c-6cf7-4be6-bb08-63cab175e7cb +home: https://docs.alexlebens.dev/applications/traefik/ sources: - https://github.com/traefik/traefik - - https://github.com/traefik/traefik-helm-chart + - https://github.com/traefik/traefik-helm-chart/tree/master/traefik + - https://github.com/traefik/traefik-helm-chart/tree/master/traefik-crds maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/traefik/values.yaml b/clusters/cl01tl/helm/traefik/values.yaml index 7fff6086c..caad7c2d3 100644 --- a/clusters/cl01tl/helm/traefik/values.yaml +++ b/clusters/cl01tl/helm/traefik/values.yaml @@ -1,6 +1,13 @@ traefik: + image: + registry: docker.io + repository: traefik + tag: v3.6.12@sha256:171c9c3565b29f6c133f1c1b43c5d4e5853415198e9e1078c001f8702ff66aec deployment: kind: DaemonSet + podDisruptionBudget: + enabled: true + minAvailable: 1 ingressClass: enabled: false gateway: @@ -39,6 +46,11 @@ traefik: enabled: true matchRule: (Host(`traefik-cl01tl.alexlebens.net`) && (PathPrefix(`/api/`) || PathPrefix(`/dashboard/`))) entryPoints: ["websecure"] + updateStrategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 1 + maxSurge: 1 providers: kubernetesCRD: allowCrossNamespace: true @@ -58,8 +70,23 @@ traefik: serviceMonitor: enabled: true prometheusRule: - enabled: false + enabled: true + rules: + - alert: TraefikDown + expr: up{job="traefik"} == 0 + for: 5m + labels: + context: traefik + severity: warning + annotations: + summary: "Traefik Down" + description: "{{ $labels.pod }} on {{ $labels.nodename }} is down" + global: + checkNewVersion: false ports: + traefik: + expose: + default: false web: port: 8000 expose: @@ -77,14 +104,12 @@ traefik: - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 - insecure: false proxyProtocol: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 - insecure: false websecure: port: 8443 expose: @@ -102,22 +127,18 @@ traefik: allowEncodedPercent: true allowEncodedQuestionMark: true allowEncodedHash: true - tls: - enabled: true forwardedHeaders: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 - insecure: false proxyProtocol: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 - insecure: false ssh: port: 22 expose: @@ -129,14 +150,12 @@ traefik: - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 - insecure: false proxyProtocol: trustedIPs: - 10.0.0.0/8 - 172.16.0.0/16 - 192.168.0.0/16 - fc00::/7 - insecure: false metrics: expose: default: false @@ -145,6 +164,10 @@ traefik: type: LoadBalancer externalIPs: - 10.232.1.21 + resources: + requests: + cpu: 10m + memory: 100Mi traefik-crds: enabled: true traefik: true diff --git a/clusters/cl01tl/helm/tubearchivist/Chart.lock b/clusters/cl01tl/helm/tubearchivist/Chart.lock index ea6d38dd8..6bc83797d 100644 --- a/clusters/cl01tl/helm/tubearchivist/Chart.lock +++ b/clusters/cl01tl/helm/tubearchivist/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 4.6.2 - name: valkey repository: oci://harbor.alexlebens.net/helm-charts - version: 0.4.0 -digest: sha256:39a57c1505ed39180cffe9153ce69233c2376ba62c9287bc411071cf986f44de -generated: "2026-03-09T23:08:53.501770729Z" + version: 0.5.0 +digest: sha256:bbceeb6ebc7a358798e706280aa2eaba8b47b018ea0fb736b30ece5419979c4e +generated: "2026-04-07T19:36:53.116343-05:00" diff --git a/clusters/cl01tl/helm/tubearchivist/Chart.yaml b/clusters/cl01tl/helm/tubearchivist/Chart.yaml index f6313fad4..2f03386c4 100644 --- a/clusters/cl01tl/helm/tubearchivist/Chart.yaml +++ b/clusters/cl01tl/helm/tubearchivist/Chart.yaml @@ -4,15 +4,17 @@ version: 1.0.0 description: Tube Archivist keywords: - tubearchivist - - download - video - - youtube -home: https://wiki.alexlebens.dev/s/9a5f89bb-3cae-43ab-b651-d39f69a05e93 +home: https://docs.alexlebens.dev/applications/tubearchivist/ sources: - https://github.com/tubearchivist/tubearchivist - - https://github.com/elastic/elasticsearch + - https://github.com/Brainicism/bgutil-ytdlp-pot-provider + - https://github.com/qdm12/gluetun - https://hub.docker.com/r/bbilly1/tubearchivist + - https://hub.docker.com/r/brainicism/bgutil-ytdlp-pot-provider + - https://github.com/qdm12/gluetun/pkgs/container/gluetun - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey maintainers: - name: alexlebens dependencies: @@ -22,7 +24,7 @@ dependencies: version: 4.6.2 - name: valkey alias: valkey - version: 0.4.0 + version: 0.5.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/tube-archivist.png # renovate: datasource=github-releases depName=tubearchivist/tubearchivist diff --git a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml index dcb667d4f..743df7e10 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml @@ -14,17 +14,11 @@ spec: data: - secretKey: ELASTIC_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/tubearchivist/env - metadataPolicy: None property: ELASTIC_PASSWORD - secretKey: TA_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/tubearchivist/env - metadataPolicy: None property: TA_PASSWORD --- @@ -44,24 +38,15 @@ spec: data: - secretKey: username remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/tubearchivist/elasticsearch - metadataPolicy: None property: username - secretKey: password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/tubearchivist/elasticsearch - metadataPolicy: None property: password - secretKey: roles remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/tubearchivist/elasticsearch - metadataPolicy: None property: roles --- @@ -81,29 +66,17 @@ spec: data: - secretKey: private-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: private-key - secretKey: preshared-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: preshared-key - secretKey: addresses remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: addresses - secretKey: input-ports remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /airvpn/conf/cl01tl - metadataPolicy: None property: input-ports diff --git a/clusters/cl01tl/helm/tubearchivist/values.yaml b/clusters/cl01tl/helm/tubearchivist/values.yaml index 9c4798daa..f71d06a66 100644 --- a/clusters/cl01tl/helm/tubearchivist/values.yaml +++ b/clusters/cl01tl/helm/tubearchivist/values.yaml @@ -4,13 +4,15 @@ tubearchivist: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: repository: bbilly1/tubearchivist - tag: v0.5.10 - pullPolicy: IfNotPresent + tag: v0.5.10@sha256:dfe723cf008520e1758ecc3e59e6ea8761dd10d5bb099cd87289e80f5bd66567 env: - name: TZ value: America/Chicago @@ -40,13 +42,11 @@ tubearchivist: bgutil: image: repository: brainicism/bgutil-ytdlp-pot-provider - tag: 1.3.1 - pullPolicy: IfNotPresent + tag: 1.3.1@sha256:1aaa43a0ca72dfca6a6d2129a0fb4a23465c25adb1b043f8aff829a20825646b gluetun: image: repository: ghcr.io/qdm12/gluetun tag: v3.41.1@sha256:1a5bf4b4820a879cdf8d93d7ef0d2d963af56670c9ebff8981860b6804ebc8ab - pullPolicy: IfNotPresent lifecycle: postStart: exec: @@ -106,8 +106,6 @@ tubearchivist: devic.es/tun: "1" requests: devic.es/tun: "1" - cpu: 10m - memory: 128Mi service: main: controller: main @@ -115,7 +113,6 @@ tubearchivist: http: port: 80 targetPort: 24000 - protocol: HTTP route: main: kind: HTTPRoute @@ -128,11 +125,8 @@ tubearchivist: - tubearchivist.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: tubearchivist + - name: tubearchivist port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -142,7 +136,6 @@ tubearchivist: storageClass: ceph-block accessMode: ReadWriteOnce size: 40Gi - retain: true advancedMounts: main: main: @@ -157,10 +150,6 @@ tubearchivist: readOnly: false valkey: valkey: - resources: - requests: - cpu: 100m - memory: 1Gi dataStorage: requestedSize: 10Gi replica: