add base storage

clusters/cl01tl/storage/cloudnative-pg/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: cloudnative-pg
+version: 1.0.0
+description: Cloudnative PG
+keywords:
+  - cloudnative-pg
+  - operator
+  - postgresql
+  - kubernetes
+home: https://wiki.alexlebens.dev/doc/cloudnative-pg-87MyLNw4xG
+sources:
+  - https://github.com/cloudnative-pg/cloudnative-pg
+  - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: cloudnative-pg
+    version: 0.23.0
+    repository: https://cloudnative-pg.io/charts/
+icon: https://avatars.githubusercontent.com/u/100373852?s=48&v=4
+appVersion: 1.24.1

clusters/cl01tl/storage/cloudnative-pg/values.yaml

@@ -0,0 +1,4 @@
+cloudnative-pg:
+  replicaCount: 2
+  monitoring:
+    podMonitorEnabled: true

clusters/cl01tl/storage/local-path-provisioner/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: local-path-provisioner
+version: 1.0.0
+description: Local Path Provisioner
+keywords:
+  - local-path-provisioner
+  - storage
+  - kubernetes
+home: https://wiki.alexlebens.dev/doc/local-path-provisioner-40NQQKSDVu
+sources:
+  - https://github.com/rancher/local-path-provisioner
+  - https://hub.docker.com/r/rancher/local-path-provisioner
+  - https://github.com/containeroo/helm-charts/tree/master/charts/local-path-provisioner
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: local-path-provisioner
+    version: 0.0.32
+    repository: https://charts.containeroo.ch
+icon: https://avatars.githubusercontent.com/u/9343010?s=48&v=4
+appVersion: v0.0.30

clusters/cl01tl/storage/local-path-provisioner/templates/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: local-path-provisioner
+  labels:
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/storage/local-path-provisioner/values.yaml

@@ -0,0 +1,45 @@
+local-path-provisioner:
+  image:
+    repository: rancher/local-path-provisioner
+    tag: v0.0.31
+  helperImage:
+    repository: busybox
+    tag: 1.37.0
+  storageClass:
+    create: true
+    defaultClass: false
+    defaultVolumeType: hostPath
+    name: local-path
+    reclaimPolicy: Delete
+    volumeBindingMode: WaitForFirstConsumer
+  nodePathMap:
+    - node: talos-2di-ktg
+      paths:
+        - /var/local-path-provisioner
+    - node: talos-9vs-6hh
+      paths:
+        - /var/local-path-provisioner
+    - node: talos-f88-7tr
+      paths:
+        - /var/local-path-provisioner
+  affinity:
+    nodeAffinity:
+      requiredDuringSchedulingIgnoredDuringExecution:
+        nodeSelectorTerms:
+          - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - talos-2di-ktg
+                - talos-9vs-6hh
+                - talos-f88-7tr
+  configmap:
+    name: local-path-config
+    setup: |-
+      #!/bin/sh
+      set -eu
+      mkdir -m 0777 -p "$VOL_DIR"
+    teardown: |-
+      #!/bin/sh
+      set -eu
+      rm -rf "$VOL_DIR"

clusters/cl01tl/storage/minio-operator/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: minio-operator
+version: 1.0.0
+description: Minio Operator
+keywords:
+  - minio-operator
+  - minio
+  - operator
+  - storage
+  - s3
+  - kubernetes
+home: https://wiki.alexlebens.dev/doc/minio-operator-bEvMUpVreJ
+sources:
+  - https://github.com/minio/operator
+  - https://github.com/minio/operator/tree/master/helm/operator
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: operator
+    version: 7.0.0
+    repository: https://operator.min.io
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/minio.png
+appVersion: v6.0.4

clusters/cl01tl/storage/minio-operator/values.yaml

@@ -0,0 +1,7 @@
+operator:
+  operator:
+    env:
+      - name: OPERATOR_STS_ENABLED
+        value: "off"
+      - name: MINIO_CONSOLE_TLS_ENABLE
+        value: "off"

clusters/cl01tl/storage/nfs/Chart.yaml

@@ -0,0 +1,21 @@
+apiVersion: v2
+name: nfs-subdir-external-provisioner
+version: 1.0.0
+description: NFS Subdir External Provisioner
+keywords:
+  - nfs-subdir-external-provisioner
+  - nfs
+  - storage
+  - kubernetes
+home: https://wiki.alexlebens.dev/doc/nfs-z7rfU2dz5C
+sources:
+  - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner
+  - https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner/tree/master/charts/nfs-subdir-external-provisioner
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: nfs-subdir-external-provisioner
+    version: 4.0.18
+    repository: https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/kubernetes.png
+appVersion: 4.0.18

clusters/cl01tl/storage/nfs/values.yaml

@@ -0,0 +1,8 @@
+nfs-subdir-external-provisioner:
+  nfs:
+    server: 10.232.1.64
+    path: /volume2/Talos
+    mountOptions:
+      - hard
+      - vers=4
+      - minorversion=1

clusters/cl01tl/storage/rook-ceph/Chart.yaml

@@ -0,0 +1,25 @@
+apiVersion: v2
+name: rook-ceph
+version: 1.0.0
+description: Rook Ceph
+keywords:
+  - rook-ceph
+  - ceph
+  - storage
+  - kubernetes
+home: https://wiki.alexlebens.dev/doc/rook-ceph-C7G7SNuP5Z
+sources:
+  - https://github.com/rook/rook
+  - https://quay.io/repository/ceph/ceph?tab=tags
+  - https://github.com/rook/rook/tree/master/deploy/charts
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: rook-ceph
+    version: v1.16.4
+    repository: https://charts.rook.io/release
+  - name: rook-ceph-cluster
+    version: v1.16.4
+    repository: https://charts.rook.io/release
+icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/rook.png
+appVersion: v1.16.0

clusters/cl01tl/storage/rook-ceph/templates/http-route.yaml

@@ -0,0 +1,30 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-rook-ceph
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-rook-ceph
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/version: {{ .Chart.AppVersion }}
+    app.kubernetes.io/component: web
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - ceph.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: rook-ceph-mgr-dashboard
+          port: 8443
+          weight: 100

clusters/cl01tl/storage/rook-ceph/templates/namespace.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: rook-ceph
+  labels:
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/warn: privileged

clusters/cl01tl/storage/rook-ceph/values.yaml

@@ -0,0 +1,125 @@
+rook-ceph:
+  crds:
+    enabled: true
+  csi:
+    enableMetadata: true
+    provisionerReplicas: 3
+    serviceMonitor:
+      enabled: true
+  enableDiscoveryDaemon: true
+  monitoring:
+    enabled: true
+
+rook-ceph-cluster:
+  operatorNamespace: rook-ceph
+  toolbox:
+    enabled: true
+  monitoring:
+    enabled: true
+    createPrometheusRules: true
+  cephClusterSpec:
+    cephVersion:
+      # https://quay.io/repository/ceph/ceph?tab=tags
+      image: quay.io/ceph/ceph:v19.2.1-20250202
+    mon:
+      count: 3
+    mgr:
+      count: 1
+      modules:
+        - name: pg_autoscaler
+          enabled: true
+        - name: rook
+          enabled: true
+    dashboard:
+      enabled: true
+      ssl: false
+    network:
+      connections:
+        encryption:
+          enabled: true
+        compression:
+          enabled: true
+        requireMsgr2: true
+    placement:
+      all:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/rook-osd-node
+                    operator: Exists
+      mon:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: node-role.kubernetes.io/rook-mon-node
+                    operator: Exists
+                  - key: node-role.kubernetes.io/control-plane
+                    operator: Exists
+        tolerations:
+          - key: node-role.kubernetes.io/rook-mon-node
+            operator: Exists
+          - key: node-role.kubernetes.io/control-plane
+            operator: Exists
+    resources:
+      mgr:
+        limits:
+          cpu: 2000m
+        requests:
+          cpu: 100m
+          memory: 512Mi
+      mon:
+        limits:
+          cpu: 2000m
+        requests:
+          cpu: 200m
+          memory: 256Mi
+      osd:
+        limits:
+          cpu: 5000m
+        requests:
+          cpu: 100m
+          memory: 2Gi
+      prepareosd:
+        requests:
+          cpu: 100m
+          memory: 128Mi
+    storage:
+      useAllNodes: true
+      useAllDevices: true
+      deviceFilter: sda
+      config:
+          osdsPerDevice: "1"
+    csi:
+      readAffinity:
+        enabled: true
+  cephBlockPools:
+    - name: ceph-blockpool
+      spec:
+        failureDomain: host
+        replicated:
+          size: 3
+        enableRBDStats: false
+      storageClass:
+        enabled: true
+        name: ceph-block
+        isDefault: true
+        reclaimPolicy: Delete
+        allowVolumeExpansion: true
+        volumeBindingMode: "Immediate"
+        parameters:
+          imageFormat: "2"
+          imageFeatures: layering,exclusive-lock,object-map,fast-diff
+          csi.storage.k8s.io/provisioner-secret-name: rook-csi-rbd-provisioner
+          csi.storage.k8s.io/provisioner-secret-namespace: "{{ .Release.Namespace }}"
+          csi.storage.k8s.io/controller-expand-secret-name: rook-csi-rbd-provisioner
+          csi.storage.k8s.io/controller-expand-secret-namespace: "{{ .Release.Namespace }}"
+          csi.storage.k8s.io/node-stage-secret-name: rook-csi-rbd-node
+          csi.storage.k8s.io/node-stage-secret-namespace: "{{ .Release.Namespace }}"
+          csi.storage.k8s.io/fstype: ext4
+  cephBlockPoolsVolumeSnapshotClass:
+    enabled: true
+    name: ceph-blockpool-snapshot
+    isDefault: false
+    deletionPolicy: Delete

clusters/cl01tl/storage/volsync/Chart.yaml

@@ -0,0 +1,22 @@
+apiVersion: v2
+name: volsync
+version: 1.0.0
+description: Volsync
+keywords:
+  - volsync
+  - backup
+  - storage
+  - s3
+  - kubernetes
+home: https://wiki.alexlebens.dev/doc/volsync-iusm70xWOf
+sources:
+  - https://github.com/backube/volsync
+  - https://github.com/backube/volsync/tree/main/helm/volsync
+maintainers:
+  - name: alexlebens
+dependencies:
+  - name: volsync
+    version: 0.11.0
+    repository: https://backube.github.io/helm-charts/
+icon: https://raw.githubusercontent.com/backube/volsync/main/docs/media/volsync.svg?sanitize=true
+appVersion: 0.11.1

clusters/cl01tl/storage/volsync/values.yaml

@@ -0,0 +1,17 @@
+volsync:
+  replicaCount: 3
+  manageCRDs: true
+  metrics:
+    disableAuth: true
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+    readOnlyRootFilesystem: true
+  resources:
+    limits:
+      cpu: 2000m
+    requests:
+      cpu: 10m
+      memory: 128Mi