Update Helm release loki to v6.49.0

remove pgadmin
add cluster
2025-12-14 00:14:37 +00:00 · 2025-12-13 18:12:23 -06:00 · 2025-12-13 18:10:44 -06:00
18 changed files with 177 additions and 289 deletions
--- a/clusters/cl01tl/helm/blocky/values.yaml
+++ b/clusters/cl01tl/helm/blocky/values.yaml
@@ -142,7 +142,6 @@ blocky:
              ollama                          IN      CNAME   traefik-cl01tl
              omni-tools                      IN      CNAME   traefik-cl01tl
              overseerr                       IN      CNAME   traefik-cl01tl
-              pgadmin                         IN      CNAME   traefik-cl01tl
              photoview                       IN      CNAME   traefik-cl01tl
              plex                            IN      CNAME   traefik-cl01tl
              postiz                          IN      CNAME   traefik-cl01tl
--- a/clusters/cl01tl/helm/gatus/values.yaml
+++ b/clusters/cl01tl/helm/gatus/values.yaml
@@ -254,9 +254,6 @@ gatus:
      - name: garage
        url: https://garage-webui.alexlebens.net
        <<: *defaults
-      - name: pgadmin
-        url: https://pgadmin.alexlebens.net
-        <<: *defaults
      - name: whodb
        url: https://whodb.alexlebens.net
        <<: *defaults
--- a/clusters/cl01tl/helm/homepage/values.yaml
+++ b/clusters/cl01tl/helm/homepage/values.yaml
@@ -507,12 +507,6 @@ homepage:
                  href: https://garage-ui-ps10rp.boreal-beaufort.ts.net
                  siteMonitor: https://garage-ui-ps10rp.boreal-beaufort.ts.net
                  statusStyle: dot
-              - Database:
-                  icon: sh-pgadmin-light.webp
-                  description: PGAdmin
-                  href: https://pgadmin.alexlebens.net
-                  siteMonitor: http://pgadmin.pgadmin:80
-                  statusStyle: dot
              - Database:
                  icon: sh-whodb.webp
                  description: WhoDB
--- a/clusters/cl01tl/helm/loki/Chart.lock
+++ b/clusters/cl01tl/helm/loki/Chart.lock
@@ -6,4 +6,4 @@ dependencies:
  repository: https://grafana.github.io/helm-charts
  version: 6.17.1
 digest: sha256:56aa7fd5ac7a16617b60e4a3f501aeeec1bdfbb3d67a41b45f33d3a4cbbed07e
-generated: "2025-12-13T22:02:20.892231728Z"
+generated: "2025-12-14T00:14:27.101386865Z"
--- a/clusters/cl01tl/helm/outline/Chart.lock
+++ b/clusters/cl01tl/helm/outline/Chart.lock
@@ -8,5 +8,8 @@ dependencies:
 - name: postgres-cluster
  repository: oci://harbor.alexlebens.net/helm-charts
  version: 6.16.1
-digest: sha256:6ef789f9db4ad00ce2178a138c3c39a4e90eaef1e4244f52282bc0cb3094f4f5
-generated: "2025-12-07T02:55:32.91116723Z"
+- name: postgres-cluster
+  repository: oci://harbor.alexlebens.net/helm-charts
+  version: 6.16.1
+digest: sha256:8203c685019682efe011ec2f2e6c9e81e6b33a10f29aab022a713c63415b5556
+generated: "2025-12-13T18:10:27.380776-06:00"
--- a/clusters/cl01tl/helm/outline/Chart.yaml
+++ b/clusters/cl01tl/helm/outline/Chart.yaml
@@ -30,5 +30,9 @@ dependencies:
    alias: postgres-17-cluster
    version: 6.16.1
    repository: oci://harbor.alexlebens.net/helm-charts
+  - name: postgres-cluster
+    alias: postgres-18-cluster
+    version: 6.16.1
+    repository: oci://harbor.alexlebens.net/helm-charts
 icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
-appVersion: 0.84.0
+appVersion: 1.1.0
--- a/clusters/cl01tl/helm/outline/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/outline/templates/external-secret.yaml
@@ -146,3 +146,70 @@ spec:
        key: /garage/home-infra/postgres-backups
        metadataPolicy: None
        property: ACCESS_REGION
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: outline-postgresql-18-cluster-backup-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-postgresql-18-cluster-backup-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: access
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /digital-ocean/home-infra/postgres-backups
+        metadataPolicy: None
+        property: secret
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: outline-postgresql-18-cluster-backup-secret-garage
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-postgresql-18-cluster-backup-secret-garage
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_KEY_ID
+    - secretKey: ACCESS_SECRET_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_SECRET_KEY
+    - secretKey: ACCESS_REGION
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /garage/home-infra/postgres-backups
+        metadataPolicy: None
+        property: ACCESS_REGION
--- a/clusters/cl01tl/helm/outline/templates/redis-replication.yaml
+++ b/clusters/cl01tl/helm/outline/templates/redis-replication.yaml
@@ -13,7 +13,7 @@ spec:
    runAsUser: 1000
    fsGroup: 1000
  kubernetesConfig:
-    image: quay.io/opstree/redis:v8.0.3
+    image: quay.io/opstree/redis:v8.4.0
    imagePullPolicy: IfNotPresent
    resources:
      requests:
@@ -29,4 +29,4 @@ spec:
            storage: 1Gi
  redisExporter:
    enabled: true
-    image: quay.io/opstree/redis-exporter:v1.48.0
+    image: quay.io/opstree/redis-exporter:v1.80.1
--- a/clusters/cl01tl/helm/outline/templates/redis-sentinel.yaml
+++ b/clusters/cl01tl/helm/outline/templates/redis-sentinel.yaml
@@ -0,0 +1,23 @@
+apiVersion: redis.redis.opstreelabs.in/v1beta2
+kind: RedisSentinel
+metadata:
+  name: redis-sentinel-outline
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: redis-sentinel-outline
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  clusterSize: 3
+  podSecurityContext:
+    runAsUser: 1000
+    fsGroup: 1000
+  redisSentinelConfig:
+    redisReplicationName: redis-replication-outline
+  kubernetesConfig:
+    image: quay.io/opstree/redis-sentinel:v8.4.0
+    imagePullPolicy: IfNotPresent
+    resources:
+      requests:
+        cpu: 10m
+        memory: 128Mi
--- a/clusters/cl01tl/helm/outline/values.yaml
+++ b/clusters/cl01tl/helm/outline/values.yaml
@@ -201,3 +201,77 @@ postgres-17-cluster:
      #   suspend: false
      #   schedule: "0 10 4 * * SAT"
      #   backupName: garage-remote
+postgres-18-cluster:
+  mode: recovery
+  cluster:
+    image:
+      repository: ghcr.io/cloudnative-pg/postgresql
+      tag: 18.1-standard-trixie
+    storage:
+      storageClass: local-path
+    walStorage:
+      storageClass: local-path
+    monitoring:
+      enabled: true
+      prometheusRule:
+        enabled: true
+  recovery:
+    method: import
+    objectStore:
+      destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-18-cluster
+      endpointURL: http://garage-main.garage:3900
+      index: 1
+      endpointCredentials: outline-postgresql-18-cluster-backup-secret-garage
+    import:
+      type: "microservice"
+      databases:
+        - app
+      source:
+        host: "outline-postgresql-17-cluster-rw"
+        port: 5432
+        username: app
+        database: app
+        sslMode: "disable"
+        passwordSecret:
+          name: "outline-postgresql-17-cluster-app"
+          key: "password"
+  backup:
+    objectStore:
+      - name: external
+        destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/outline/outline-postgresql-18-cluster
+        index: 1
+        retentionPolicy: "30d"
+        isWALArchiver: false
+      - name: garage-local
+        destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-18-cluster
+        index: 1
+        endpointURL: http://garage-main.garage:3900
+        endpointCredentials: outline-postgresql-18-cluster-backup-secret-garage
+        endpointCredentialsIncludeRegion: true
+        retentionPolicy: "3d"
+        isWALArchiver: true
+      # - name: garage-remote
+      #   destinationPath: s3://postgres-backups/cl01tl/outline/outline-postgresql-18-cluster
+      #   index: 1
+      #   endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
+      #   endpointCredentials: outline-postgresql-18-cluster-backup-secret-garage
+      #   retentionPolicy: "30d"
+      #   data:
+      #     compression: bzip2
+      #     jobs: 2
+    scheduledBackups:
+      - name: daily-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: external
+      - name: live-backup
+        suspend: false
+        immediate: true
+        schedule: "0 0 0 * * *"
+        backupName: garage-local
+      # - name: weekly-backup
+      #   suspend: false
+      #   immediate: true
+      #   schedule: "0 10 4 * * SAT"
+      #   backupName: garage-remote
--- a/clusters/cl01tl/helm/pgadmin/Chart.lock
+++ b/clusters/cl01tl/helm/pgadmin/Chart.lock
@@ -1,6 +0,0 @@
-dependencies:
- name: app-template
-  repository: https://bjw-s-labs.github.io/helm-charts/
-  version: 4.5.0
-digest: sha256:73c2acdec999649ccc983a6edc36b794c6e53a4a51f554c22d7ba0d19f538371
-generated: "2025-12-05T17:10:07.886809868Z"
--- a/clusters/cl01tl/helm/pgadmin/Chart.yaml
+++ b/clusters/cl01tl/helm/pgadmin/Chart.yaml
@@ -1,22 +0,0 @@
-apiVersion: v2
-name: pgadmin4
-version: 1.0.0
-description: pgAdmin
-keywords:
-  - pgadmin4
-  - postgresql
-  - database
-home: https://wiki.alexlebens.dev/s/afef464a-3d76-413a-80b1-b42596249a12
-sources:
-  - https://github.com/pgadmin-org/pgadmin4/
-  - https://hub.docker.com/r/dpage/pgadmin4/
-  - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
-maintainers:
-  - name: alexlebens
-dependencies:
-  - name: app-template
-    alias: pgadmin4
-    repository: https://bjw-s-labs.github.io/helm-charts/
-    version: 4.5.0
-icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/pgadmin.png
-appVersion: 9.3.0
--- a/clusters/cl01tl/helm/pgadmin/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/pgadmin/templates/external-secret.yaml
@@ -1,115 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: pgadmin-password-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: pgadmin-password-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: pgadmin-password
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/pgadmin/auth
-        metadataPolicy: None
-        property: pgadmin-password
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: pgadmin-env-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: pgadmin-env-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  data:
-    - secretKey: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/pgadmin/env
-        metadataPolicy: None
-        property: PGADMIN_CONFIG_AUTHENTICATION_SOURCES
-    - secretKey: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/pgadmin/env
-        metadataPolicy: None
-        property: PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER
-    - secretKey: PGADMIN_CONFIG_OAUTH2_CONFIG
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/pgadmin/env
-        metadataPolicy: None
-        property: PGADMIN_CONFIG_OAUTH2_CONFIG
-
---
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
-  name: pgadmin-data-backup-secret
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: pgadmin-data-backup-secret
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  secretStoreRef:
-    kind: ClusterSecretStore
-    name: vault
-  target:
-    template:
-      mergePolicy: Merge
-      engineVersion: v2
-      data:
-        RESTIC_REPOSITORY: "{{ `{{ .BUCKET_ENDPOINT }}` }}/pgadmin/pgadmin-data"
-  data:
-    - secretKey: BUCKET_ENDPOINT
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: S3_BUCKET_ENDPOINT
-    - secretKey: RESTIC_PASSWORD
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: RESTIC_PASSWORD
-    - secretKey: AWS_DEFAULT_REGION
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /cl01tl/volsync/restic/config
-        metadataPolicy: None
-        property: AWS_DEFAULT_REGION
-    - secretKey: AWS_ACCESS_KEY_ID
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/volsync-backups
-        metadataPolicy: None
-        property: access_key
-    - secretKey: AWS_SECRET_ACCESS_KEY
-      remoteRef:
-        conversionStrategy: Default
-        decodingStrategy: None
-        key: /digital-ocean/home-infra/volsync-backups
-        metadataPolicy: None
-        property: secret_key
--- a/clusters/cl01tl/helm/pgadmin/templates/http-route.yaml
+++ b/clusters/cl01tl/helm/pgadmin/templates/http-route.yaml
@@ -1,28 +0,0 @@
-apiVersion: gateway.networking.k8s.io/v1
-kind: HTTPRoute
-metadata:
-  name: http-route-pgadmin
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: http-route-pgadmin
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  parentRefs:
-    - group: gateway.networking.k8s.io
-      kind: Gateway
-      name: traefik-gateway
-      namespace: traefik
-  hostnames:
-    - pgadmin.alexlebens.net
-  rules:
-    - matches:
-      - path:
-          type: PathPrefix
-          value: /
-      backendRefs:
-        - group: ''
-          kind: Service
-          name: pgadmin
-          port: 80
-          weight: 100
--- a/clusters/cl01tl/helm/pgadmin/templates/replication-source.yaml
+++ b/clusters/cl01tl/helm/pgadmin/templates/replication-source.yaml
@@ -1,28 +0,0 @@
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
-  name: pgadmin-data-backup-source
-  namespace: {{ .Release.Namespace }}
-  labels:
-    app.kubernetes.io/name: pgadmin-data-backup-source
-    app.kubernetes.io/instance: {{ .Release.Name }}
-    app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
-  sourcePVC: pgadmin-data
-  trigger:
-    schedule: 0 4 * * *
-  restic:
-    pruneIntervalDays: 7
-    repository: pgadmin-data-backup-secret
-    retain:
-      hourly: 1
-      daily: 3
-      weekly: 2
-      monthly: 2
-      yearly: 4
-    moverSecurityContext:
-      runAsUser: 5050
-      runAsGroup: 5050
-    copyMethod: Snapshot
-    storageClassName: ceph-block
-    volumeSnapshotClassName: ceph-blockpool-snapshot
--- a/clusters/cl01tl/helm/pgadmin/values.yaml
+++ b/clusters/cl01tl/helm/pgadmin/values.yaml
@@ -1,72 +0,0 @@
-pgadmin4:
-  controllers:
-    main:
-      type: deployment
-      replicas: 1
-      strategy: Recreate
-      initContainers:
-        init-chmod-data:
-          securityContext:
-            runAsUser: 0
-          image:
-            repository: busybox
-            tag: 1.37.0
-            pullPolicy: IfNotPresent
-          command:
-            - /bin/sh
-            - -ec
-            - |
-              /bin/chown -R 5050:5050 /var/lib/pgadmin
-          resources:
-            requests:
-              cpu: 10m
-              memory: 128Mi
-      containers:
-        main:
-          securityContext:
-            runAsUser: 5050
-            runAsGroup: 5050
-          image:
-            repository: dpage/pgadmin4
-            tag: "9.11"
-            pullPolicy: IfNotPresent
-          env:
-            - name: PGADMIN_CONFIG_ENHANCED_COOKIE_PROTECTION
-              value: "False"
-            - name: PGADMIN_DEFAULT_EMAIL
-              value: alexanderlebens@gmail.com
-            - name: PGADMIN_DEFAULT_PASSWORD
-              valueFrom:
-                secretKeyRef:
-                  name: pgadmin-password-secret
-                  key: pgadmin-password
-          envFrom:
-            - secretRef:
-                name: pgadmin-env-secret
-          resources:
-            requests:
-              cpu: 10m
-              memory: 256Mi
-  service:
-    main:
-      controller: main
-      ports:
-        http:
-          port: 80
-          targetPort: 80
-          protocol: TCP
-  persistence:
-    data:
-      forceRename: pgadmin4-data
-      storageClass: ceph-block
-      accessMode: ReadWriteOnce
-      size: 5Gi
-      retain: true
-      advancedMounts:
-        main:
-          init-chmod-data:
-            - path: /var/lib/pgadmin
-              readOnly: false
-          main:
-            - path: /var/lib/pgadmin
-              readOnly: false
--- a/hosts/ps08rp/blocky/config.yml
+++ b/hosts/ps08rp/blocky/config.yml
@@ -118,7 +118,6 @@ customDNS:
    ollama                          IN      CNAME   traefik-cl01tl
    omni-tools                      IN      CNAME   traefik-cl01tl
    overseerr                       IN      CNAME   traefik-cl01tl
-    pgadmin                         IN      CNAME   traefik-cl01tl
    photoview                       IN      CNAME   traefik-cl01tl
    plex                            IN      CNAME   traefik-cl01tl
    postiz                          IN      CNAME   traefik-cl01tl
--- a/hosts/ps09rp/blocky/config.yml
+++ b/hosts/ps09rp/blocky/config.yml
@@ -118,7 +118,6 @@ customDNS:
    ollama                          IN      CNAME   traefik-cl01tl
    omni-tools                      IN      CNAME   traefik-cl01tl
    overseerr                       IN      CNAME   traefik-cl01tl
-    pgadmin                         IN      CNAME   traefik-cl01tl
    photoview                       IN      CNAME   traefik-cl01tl
    plex                            IN      CNAME   traefik-cl01tl
    postiz                          IN      CNAME   traefik-cl01tl
Author	SHA1	Message	Date
Renovate Bot	60d7cc3085	Update Helm release loki to v6.49.0 All checks were successful renovate/stability-days Updates have met minimum release age requirement Details lint-test-docker / lint-docker-compose (pull_request) Successful in 27s Details lint-test-helm / lint-helm (pull_request) Successful in 1m54s Details	2025-12-14 00:14:37 +00:00
Alex Lebens	bce618623e	remove pgadmin All checks were successful lint-test-helm / lint-helm (push) Successful in 15s Details render-manifests-push / render-manifests-push (push) Successful in 29s Details lint-test-docker / lint-docker-compose (push) Successful in 47s Details renovate / renovate (push) Successful in 2m55s Details	2025-12-13 18:12:23 -06:00
Alex Lebens	a07827d63d	add cluster Some checks failed lint-test-helm / lint-helm (push) Successful in 13s Details render-manifests-push / render-manifests-push (push) Successful in 38s Details renovate / renovate (push) Has been cancelled Details	2025-12-13 18:10:44 -06:00