Compare commits
187 Commits
37fa34268d
...
renovate/u
| Author | SHA1 | Date | |
|---|---|---|---|
22c5e740ec
|
|||
| 758ac9e605 | |||
|
a66edcdc94
|
|||
| 2c1bccf42a | |||
| 8b0b4ba629 | |||
| 3b9d92b4a5 | |||
| ae0d560586 | |||
| eee145aef6 | |||
| 4890bdb98d | |||
| a4cb4721b3 | |||
| bad622098e | |||
| 0c75021fed | |||
| 54c0ec0822 | |||
| 9bd7556071 | |||
| 5bfd7ce82d | |||
|
33a029540a
|
|||
| 762a024a1c | |||
|
0fb24739a7
|
|||
| 6cd97f53e3 | |||
|
d6a29ff9a0
|
|||
| 06435ad3d0 | |||
|
d1097707a4
|
|||
| f493ad6f4a | |||
|
b67252a8ca
|
|||
| a342e5fcea | |||
| 61ba8a93fd | |||
|
607b88ac1d
|
|||
| 914ec4abae | |||
|
62126cde2d
|
|||
| f81ed6e9fa | |||
| 9576ea20aa | |||
| 2f06e6c876 | |||
| 1bf0cfece2 | |||
| df0c84a1ca | |||
| 27384b9ad4 | |||
| 4b2f4b4ae2 | |||
| 6f1228f5c1 | |||
| 0c54b6c325 | |||
|
6c62d1f918
|
|||
| f0c384d93e | |||
| ed1a6acce8 | |||
| 53e433b02b | |||
| 861ce17094 | |||
| 13b9059311 | |||
|
9d80f9937d
|
|||
| 5e8d29e095 | |||
|
7d465f34c4
|
|||
| 7f12a36f1d | |||
|
24ca561fcb
|
|||
| 0fecf566bf | |||
|
da0d38a9d4
|
|||
| d90f579575 | |||
|
bfda196e0a
|
|||
| be8bb32d30 | |||
| 621103fd12 | |||
| 041cdb7988 | |||
|
e7fed1fcd9
|
|||
| eed1cea7f4 | |||
|
72bff327d2
|
|||
| 14c9f86104 | |||
|
e06b6877ec
|
|||
| a8727295ae | |||
|
b19f95a5e6
|
|||
| 3d4458eb18 | |||
|
8f56302500
|
|||
| bbeb0ab904 | |||
|
a6a4f2a32f
|
|||
| fd5d26abe1 | |||
| 4b22dc5c48 | |||
|
f15eb333d9
|
|||
| e29e879899 | |||
| 44f6980f10 | |||
| 7a5f02e9b7 | |||
| 4c2da5c464 | |||
| 4f7a0da7b6 | |||
|
397f23c627
|
|||
| e90df4e017 | |||
|
22f60730ca
|
|||
| 1ad8f17b4e | |||
|
03a2a1b241
|
|||
| f9fc74a93e | |||
|
60c80fd790
|
|||
| 0657cc8ae8 | |||
|
7a2fc5ade0
|
|||
| 0340235954 | |||
|
0bc8d92b7a
|
|||
| cc645d604e | |||
| 0596643ca2 | |||
| d76adc1e1e | |||
| 332d3c1be7 | |||
| 1f79d0344a | |||
|
840c3126dd
|
|||
| 4829937519 | |||
| 2a2487d672 | |||
| 3c76142e23 | |||
| b67209846d | |||
| 2a0f557515 | |||
|
2130999d70
|
|||
| 34be6d76d6 | |||
| 17474369f0 | |||
| 8541670969 | |||
| 30ae1a7acc | |||
| 6161cf1e2a | |||
| af8a09499e | |||
| f80e96ebf1 | |||
| 13376bd583 | |||
| 1fda00b953 | |||
| e627bf58c3 | |||
| 9430a16a5c | |||
| d4593bad61 | |||
| 40c47214ea | |||
| 881f6d13ad | |||
| fcd924284f | |||
| 3dcd223643 | |||
| aefe949ca0 | |||
| b1052a6da6 | |||
|
f0de42c627
|
|||
| ba1b2fb351 | |||
| de52f91dd4 | |||
| 191ec5fa9e | |||
|
fb8a253801
|
|||
| db63227fc4 | |||
|
2575507345
|
|||
| 1c51a1d70a | |||
|
e6b2d88aeb
|
|||
| e4bd2edb50 | |||
|
aed792829d
|
|||
| 5d19547bf1 | |||
|
33b1d6224d
|
|||
| a0d8a11e9c | |||
| 4de7c6409b | |||
| 7dc67a3d3a | |||
|
6ebbafe4dd
|
|||
| 58053cd094 | |||
|
9a3cb9914b
|
|||
| 8d8b7862a2 | |||
|
40536f998f
|
|||
| b8fe0123dd | |||
|
86c2082bb5
|
|||
| 09112e3c59 | |||
| d672f54444 | |||
| eb98c36ca7 | |||
| 8fa8c153ec | |||
| e329bf2e9d | |||
| a09d260b03 | |||
| 52092b8986 | |||
| 40ffee2086 | |||
| 73106c39e4 | |||
| 1b07f5d77f | |||
| 8299f938a5 | |||
|
b95da57524
|
|||
| 0a40193242 | |||
|
a2f9d45f70
|
|||
| c83ff62536 | |||
| 8e44b223d6 | |||
| 6a16d24c2c | |||
|
c9164fc906
|
|||
| f34351eb7d | |||
|
9c0137b356
|
|||
| 1833a15e6a | |||
|
b15a68ef8b
|
|||
| a01b1d6050 | |||
|
9ac1ad2cf0
|
|||
| d61c4acf0c | |||
| 30e21162d9 | |||
|
7e676a5c4e
|
|||
| 89009fd048 | |||
| 6e5d2433e9 | |||
| b544493a70 | |||
| c4503f4ecb | |||
| 8765741597 | |||
| 142f6be558 | |||
| b89e24c8d1 | |||
| ad100879b5 | |||
| 54e2cd4c43 | |||
| 5c0f3d5b4e | |||
| 8ab2c2ff87 | |||
|
9897e85408
|
|||
| 83fd3796b0 | |||
|
667ed97498
|
|||
| 0bfef47841 | |||
|
5ffe958c30
|
|||
| 7131c4debd | |||
| edb122e2e4 | |||
| 03d82ed180 | |||
| a23dc349c5 | |||
|
9c18fe23c6
|
@@ -378,249 +378,232 @@ jobs:
|
||||
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
|
||||
image: true
|
||||
|
||||
argo-diff:
|
||||
needs: lint-helm
|
||||
runs-on: ubuntu-js
|
||||
if: |
|
||||
needs.lint-helm.result == 'success' &&
|
||||
needs.lint-helm.outputs.changes-detected == 'true' &&
|
||||
github.event_name == 'pull_request'
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
# argo-diff:
|
||||
# needs: lint-helm
|
||||
# runs-on: ubuntu-js
|
||||
# if: |
|
||||
# needs.lint-helm.result == 'success' &&
|
||||
# needs.lint-helm.outputs.changes-detected == 'true' &&
|
||||
# github.event_name == 'pull_request'
|
||||
# steps:
|
||||
# - name: Checkout
|
||||
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
# with:
|
||||
# fetch-depth: 0
|
||||
|
||||
- name: Cache ArgoCD CLI
|
||||
id: cache-argocd
|
||||
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
|
||||
with:
|
||||
path: /usr/local/bin/argocd
|
||||
key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
|
||||
restore-keys: |
|
||||
${{ runner.os }}-argocd-
|
||||
# - name: Cache ArgoCD CLI
|
||||
# id: cache-argocd
|
||||
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
|
||||
# with:
|
||||
# path: /usr/local/bin/argocd
|
||||
# key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
|
||||
# restore-keys: |
|
||||
# ${{ runner.os }}-argocd-
|
||||
|
||||
- name: Install ArgoCD CLI
|
||||
if: steps.cache-argocd.outputs.cache-hit != 'true'
|
||||
run: |
|
||||
echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
|
||||
curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
|
||||
# - name: Install ArgoCD CLI
|
||||
# if: steps.cache-argocd.outputs.cache-hit != 'true'
|
||||
# run: |
|
||||
# echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
|
||||
# curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
|
||||
|
||||
echo ""
|
||||
echo ">> Installing ArgoCD CLI ..."
|
||||
sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
|
||||
# echo ""
|
||||
# echo ">> Installing ArgoCD CLI ..."
|
||||
# sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
# echo ""
|
||||
# echo "----"
|
||||
|
||||
- name: Verify installation
|
||||
run: |
|
||||
echo ""
|
||||
echo ">> Verifying installation ..."
|
||||
argocd version --client
|
||||
# - name: Verify installation
|
||||
# run: |
|
||||
# echo ""
|
||||
# echo ">> Verifying installation ..."
|
||||
# argocd version --client
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
# echo ""
|
||||
# echo "----"
|
||||
|
||||
- name: Set Up Helm
|
||||
uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
# renovate: datasource=github-releases depName=helm/helm
|
||||
version: v4.1.3
|
||||
cache: true
|
||||
# - name: Set Up Helm
|
||||
# uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
|
||||
# with:
|
||||
# token: ${{ secrets.GITEA_TOKEN }}
|
||||
# # renovate: datasource=github-releases depName=helm/helm
|
||||
# version: v4.1.3
|
||||
# cache: true
|
||||
|
||||
- name: Cache Helm Dependencies
|
||||
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
|
||||
with:
|
||||
path: |
|
||||
~/.cache/helm
|
||||
~/.config/helm
|
||||
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
|
||||
restore-keys: |
|
||||
helm-cache-${{ runner.os }}-
|
||||
# - name: Cache Helm Dependencies
|
||||
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
|
||||
# with:
|
||||
# path: |
|
||||
# ~/.cache/helm
|
||||
# ~/.config/helm
|
||||
# key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
|
||||
# restore-keys: |
|
||||
# helm-cache-${{ runner.os }}-
|
||||
|
||||
- name: Add Repositories
|
||||
env:
|
||||
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
|
||||
run: |
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
echo ""
|
||||
# - name: Add Repositories
|
||||
# env:
|
||||
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
|
||||
# run: |
|
||||
# echo ">> Adding repositories for chart dependencies ..."
|
||||
# echo ""
|
||||
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
|
||||
| tail -n +2 \
|
||||
| awk 'NF > 0 { print $1, $3 }' \
|
||||
| while read -r REPO_NAME REPO_URL; do
|
||||
if [[ "${REPO_URL}" == oci://* ]]; then
|
||||
echo ">> Ignoring OCI repo: ${REPO_URL}"
|
||||
# for DIR in ${CHANGED_CHARTS}; do
|
||||
# helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
|
||||
# | tail -n +2 \
|
||||
# | awk 'NF > 0 { print $1, $3 }' \
|
||||
# | while read -r REPO_NAME REPO_URL; do
|
||||
# if [[ "${REPO_URL}" == oci://* ]]; then
|
||||
# echo ">> Ignoring OCI repo: ${REPO_URL}"
|
||||
|
||||
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
|
||||
helm repo add "${REPO_NAME}" "${REPO_URL}"
|
||||
# elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
|
||||
# helm repo add "${REPO_NAME}" "${REPO_URL}"
|
||||
|
||||
fi
|
||||
# fi
|
||||
|
||||
done || true
|
||||
done
|
||||
# done || true
|
||||
# done
|
||||
|
||||
if helm repo list > /dev/null 2>&1; then
|
||||
echo ""
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
# if helm repo list > /dev/null 2>&1; then
|
||||
# echo ""
|
||||
# echo ">> Update repository cache ..."
|
||||
# helm repo update
|
||||
|
||||
fi
|
||||
# fi
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
# echo ""
|
||||
# echo "----"
|
||||
|
||||
- name: Render Templates
|
||||
id: render
|
||||
env:
|
||||
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
|
||||
run: |
|
||||
for APP_NAME in ${CHANGED_CHARTS}; do
|
||||
echo ">> Render templates for ${APP_NAME} ..."
|
||||
CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
|
||||
OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
|
||||
# - name: Render Templates
|
||||
# id: render
|
||||
# env:
|
||||
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
|
||||
# run: |
|
||||
# for APP_NAME in ${CHANGED_CHARTS}; do
|
||||
# echo ">> Render templates for ${APP_NAME} ..."
|
||||
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
|
||||
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
|
||||
|
||||
helm dependency build "${CHART_PATH}" --skip-refresh
|
||||
# helm dependency build "${CHART_PATH}" --skip-refresh
|
||||
|
||||
NAMESPACE="${APP_NAME}"
|
||||
case "${APP_NAME}" in
|
||||
"stack")
|
||||
NAMESPACE="argocd"
|
||||
echo ">> Special Rendering into 'argocd' namespace ..."
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server")
|
||||
NAMESPACE="kube-system"
|
||||
echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
|
||||
;;
|
||||
*)
|
||||
echo ">> Standard Rendering ..."
|
||||
esac
|
||||
# NAMESPACE="${APP_NAME}"
|
||||
# case "${APP_NAME}" in
|
||||
# "stack")
|
||||
# NAMESPACE="argocd"
|
||||
# echo ">> Special Rendering into 'argocd' namespace ..."
|
||||
# ;;
|
||||
# "cilium" | "coredns" | "metrics-server")
|
||||
# NAMESPACE="kube-system"
|
||||
# echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
|
||||
# ;;
|
||||
# *)
|
||||
# echo ">> Standard Rendering ..."
|
||||
# esac
|
||||
|
||||
TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
|
||||
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
|
||||
|
||||
# Format and split rendered template
|
||||
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
# # Format and split rendered template
|
||||
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
|
||||
# Strip comments again to ensure formatting correctness
|
||||
for file in "$OUTPUT_FOLDER"/*; do
|
||||
yq -i '... comments=""' $file
|
||||
# # Strip comments again to ensure formatting correctness
|
||||
# for file in "$OUTPUT_FOLDER"/*; do
|
||||
# yq -i '... comments=""' $file
|
||||
|
||||
done
|
||||
# done
|
||||
|
||||
echo ""
|
||||
echo ">> Templates in outpute folder: ${OUTPUT_FOLDER}"
|
||||
ls ${OUTPUT_FOLDER}
|
||||
done
|
||||
# echo ""
|
||||
# echo ">> Templates in output folder: ${OUTPUT_FOLDER}"
|
||||
# ls ${OUTPUT_FOLDER}
|
||||
# done
|
||||
|
||||
echo "----"
|
||||
# echo "----"
|
||||
|
||||
- name: Run App Diff
|
||||
id: diff
|
||||
env:
|
||||
ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
|
||||
ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
|
||||
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
|
||||
run: |
|
||||
# argo diff outputs 1 on any diff, but this is expected, only error on output 2+
|
||||
set +e
|
||||
OVERALL_EXIT_CODE=0
|
||||
FAILED_CHARTS=""
|
||||
DIFF_FOUND="false"
|
||||
# - name: Run App Diff
|
||||
# id: diff
|
||||
# env:
|
||||
# ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
|
||||
# ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
|
||||
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
|
||||
# run: |
|
||||
# FAILED_CHARTS=""
|
||||
# DIFF_FOUND="false"
|
||||
|
||||
for APP_NAME in ${CHANGED_CHARTS}; do
|
||||
echo ">> Running argocd app diff for ${APP_NAME} ..."
|
||||
# for APP_NAME in ${CHANGED_CHARTS}; do
|
||||
# echo ">> Running argocd app diff for ${APP_NAME} ..."
|
||||
# argocd app diff "${APP_NAME}" \
|
||||
# --server "${ARGOCD_SERVER}" \
|
||||
# --revision ${{ gitea.sha }} \
|
||||
# --diff-exit-code 0 \
|
||||
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
|
||||
# --local-repo-root "." \
|
||||
# --grpc-web > "diff_output_${APP_NAME}.txt"
|
||||
|
||||
argocd app diff "${APP_NAME}" \
|
||||
--server "${ARGOCD_SERVER}" \
|
||||
--revision ${{ gitea.sha }} \
|
||||
--grpc-web > diff_output_${APP_NAME}.txt
|
||||
# if [ -s "diff_output_${APP_NAME}.txt" ]; then
|
||||
# echo ">> Argo diff:"
|
||||
# echo ""
|
||||
# cat diff_output_${APP_NAME}.txt
|
||||
# echo ""
|
||||
|
||||
EXIT_CODE=$?
|
||||
# DIFF_FOUND="true"
|
||||
|
||||
if [ -s "diff_output_${APP_NAME}.txt" ]; then
|
||||
echo ">> Argo diff:"
|
||||
echo ""
|
||||
cat diff_output_${APP_NAME}.txt
|
||||
echo ""
|
||||
# else
|
||||
# echo ">> No Argo diff found for ${APP_NAME}"
|
||||
# rm "diff_output_${APP_NAME}.txt"
|
||||
|
||||
DIFF_FOUND="true"
|
||||
# fi
|
||||
# done
|
||||
|
||||
else
|
||||
echo ">> No Argo diff found for ${APP_NAME}"
|
||||
rm "diff_output_${APP_NAME}.txt"
|
||||
# echo "----"
|
||||
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
|
||||
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
fi
|
||||
# exit $OVERALL_EXIT_CODE
|
||||
|
||||
if [ $EXIT_CODE -eq 2 ]; then
|
||||
echo ">> ArgoCD diff failed for ${APP_NAME} due to a manifest error"
|
||||
# - name: Post Diff
|
||||
# if: |
|
||||
# always() &&
|
||||
# steps.diff.outputs.diff-detected == 'true' &&
|
||||
# gitea.event.pull_request.number != null
|
||||
# env:
|
||||
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||
# run: |
|
||||
# COMMENT_BODY="### ArgoCD Diff Results
|
||||
# "
|
||||
|
||||
OVERALL_EXIT_CODE=1
|
||||
# for f in diff_output_*.txt; do
|
||||
# APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
|
||||
# DIFF_CONTENT=$(cat "$f")
|
||||
|
||||
if [ -z "${FAILED_CHARTS}" ]; then
|
||||
FAILED_CHARTS="${APP_NAME}"
|
||||
# COMMENT_BODY="${COMMENT_BODY}
|
||||
# #### App: ${APP_NAME}
|
||||
# "
|
||||
|
||||
else
|
||||
FAILED_CHARTS="${FAILED_CHARTS}, ${APP_NAME}"
|
||||
# if [ -z "$DIFF_CONTENT" ]; then
|
||||
# COMMENT_BODY="${COMMENT_BODY} No changes detected."
|
||||
# else
|
||||
# COMMENT_BODY="${COMMENT_BODY}
|
||||
# \`\`\`diff
|
||||
# ${DIFF_CONTENT}
|
||||
# \`\`\`"
|
||||
# fi
|
||||
# done
|
||||
|
||||
fi
|
||||
fi
|
||||
done
|
||||
# curl -X 'POST' \
|
||||
# "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
|
||||
# -H "Authorization: token ${GITEA_TOKEN}" \
|
||||
# -H "Content-Type: application/json" \
|
||||
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
|
||||
|
||||
echo "----"
|
||||
echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
|
||||
echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
exit $OVERALL_EXIT_CODE
|
||||
|
||||
- name: Post Diff
|
||||
if: |
|
||||
always() &&
|
||||
steps.diff.outputs.diff-detected == 'true' &&
|
||||
gitea.event.pull_request.number != null
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||
run: |
|
||||
COMMENT_BODY="### ArgoCD Diff Results
|
||||
"
|
||||
|
||||
for f in diff_output_*.txt; do
|
||||
APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
|
||||
DIFF_CONTENT=$(cat "$f")
|
||||
|
||||
COMMENT_BODY="${COMMENT_BODY}
|
||||
#### App: ${APP_NAME}
|
||||
"
|
||||
|
||||
if [ -z "$DIFF_CONTENT" ]; then
|
||||
COMMENT_BODY="${COMMENT_BODY} No changes detected."
|
||||
else
|
||||
COMMENT_BODY="${COMMENT_BODY}
|
||||
\`\`\`diff
|
||||
${DIFF_CONTENT}
|
||||
\`\`\`"
|
||||
fi
|
||||
done
|
||||
|
||||
curl -X 'POST' \
|
||||
"${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
|
||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'ArgoCD Diff Failure'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
|
||||
image: true
|
||||
# - name: ntfy Failed
|
||||
# uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
|
||||
# if: failure()
|
||||
# with:
|
||||
# url: '${{ secrets.NTFY_URL }}'
|
||||
# topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
# title: 'ArgoCD Diff Failure'
|
||||
# priority: 3
|
||||
# headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
# tags: action,failed
|
||||
# details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
|
||||
# icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
# actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
|
||||
# image: true
|
||||
|
||||
@@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43.110.14@sha256:f3ba59186f17171bf2eaacc35014192d4862bf1b2af3116fb694ba9c17f04f70
|
||||
container: ghcr.io/renovatebot/renovate:43.123.4@sha256:118803cb3c32cdc39ff654c18baabf30f214d4158873277a154ec815d85ceb1d
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
@@ -10,6 +10,6 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:6c697902b9c4e997c961b474b55aed3c254d2ef4565f921a1caf023347878718
|
||||
generated: "2026-04-10T01:33:14.668094273Z"
|
||||
version: 0.6.1
|
||||
digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d
|
||||
generated: "2026-04-13T20:32:12.748342469Z"
|
||||
|
||||
@@ -29,7 +29,7 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
|
||||
# renovate: datasource=github-releases depName=goauthentik/authentik
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:58bcab9a78afad1037cb9d5047becb7a836fbfb3543883f24764a1bbb8db7290
|
||||
generated: "2026-04-10T01:33:35.406965206Z"
|
||||
version: 0.6.1
|
||||
digest: sha256:6ed3a7587906fbda581d0091ff2c29a1816b8b0b8ae40add9885e6a68b2b82ae
|
||||
generated: "2026-04-13T20:32:34.844998902Z"
|
||||
|
||||
@@ -20,7 +20,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
|
||||
# renovate: datasource=github-releases depName=0xerr0r/blocky
|
||||
|
||||
@@ -106,6 +106,7 @@ blocky:
|
||||
audiobookshelf IN CNAME traefik-cl01tl
|
||||
authentik IN CNAME traefik-cl01tl
|
||||
backrest IN CNAME traefik-cl01tl
|
||||
bao IN CNAME traefik-cl01tl
|
||||
bazarr IN CNAME traefik-cl01tl
|
||||
ceph IN CNAME traefik-cl01tl
|
||||
dawarich IN CNAME traefik-cl01tl
|
||||
@@ -160,6 +161,7 @@ blocky:
|
||||
sonarr IN CNAME traefik-cl01tl
|
||||
sonarr-4k IN CNAME traefik-cl01tl
|
||||
sonarr-anime IN CNAME traefik-cl01tl
|
||||
sparkyfitness IN CNAME traefik-cl01tl
|
||||
stalwart IN CNAME traefik-cl01tl
|
||||
tdarr IN CNAME traefik-cl01tl
|
||||
tubearchivist IN CNAME traefik-cl01tl
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: cert-manager
|
||||
repository: https://charts.jetstack.io
|
||||
version: v1.20.1
|
||||
digest: sha256:1bf36eba44cf096b40355a697b8cffb302f07f9135374222aabdf686f017b7a9
|
||||
generated: "2026-03-28T01:35:24.542754563Z"
|
||||
version: v1.20.2
|
||||
digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf
|
||||
generated: "2026-04-13T23:02:59.380767677Z"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: cert-manager
|
||||
version: v1.20.1
|
||||
version: v1.20.2
|
||||
repository: https://charts.jetstack.io
|
||||
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png
|
||||
# renovate: datasource=github-releases depName=cert-manager/cert-manager
|
||||
appVersion: v1.20.1
|
||||
appVersion: v1.20.2
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 0.28.0
|
||||
- name: plugin-barman-cloud
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
version: 0.5.0
|
||||
digest: sha256:3e9b26d00fdb61af60f003bcb327e05d02799eb6088e30aaabd01c49c6021aac
|
||||
generated: "2026-04-01T20:05:40.198140255Z"
|
||||
version: 0.6.0
|
||||
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
|
||||
generated: "2026-04-14T09:03:10.332065288Z"
|
||||
|
||||
@@ -20,7 +20,7 @@ dependencies:
|
||||
version: 0.28.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
- name: plugin-barman-cloud
|
||||
version: 0.5.0
|
||||
version: 0.6.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
|
||||
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
|
||||
|
||||
@@ -7,7 +7,7 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
@@ -17,5 +17,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:46a4d88528ac64e1f228a8516c0fd00e45c2403bdd713140b82e7ab28506ec74
|
||||
generated: "2026-04-10T01:34:00.034582668Z"
|
||||
digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587
|
||||
generated: "2026-04-13T20:32:54.380897459Z"
|
||||
|
||||
@@ -26,7 +26,7 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-storage
|
||||
|
||||
@@ -7,6 +7,6 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:1ef062c01049dc3150f24b4bf1502a1026beda856ecca88df70b61701eaf659e
|
||||
generated: "2026-04-10T01:34:22.131775797Z"
|
||||
version: 0.6.1
|
||||
digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329
|
||||
generated: "2026-04-13T20:33:13.909018545Z"
|
||||
|
||||
@@ -25,8 +25,8 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
|
||||
# renovate: datasource=github-releases depName=directus/directus
|
||||
appVersion: 11.17.2
|
||||
appVersion: 11.17.3
|
||||
|
||||
@@ -8,7 +8,7 @@ directus:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/directus/directus
|
||||
tag: 11.17.2@sha256:5e5978377f1cc9820ffc5b92597da1573a1350ea57f8aba42efd999139993874
|
||||
tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5
|
||||
env:
|
||||
- name: PUBLIC_URL
|
||||
value: https://directus.alexlebens.net
|
||||
|
||||
@@ -48,7 +48,7 @@ eraser-metrics:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
|
||||
tag: 0.149.0@sha256:dd56aed607fd02f8ac01dddb27a859c0c2cc750539abce927803778fafc736ae
|
||||
tag: 0.150.1@sha256:618f7867e49fdb173d9b46d535b01f82254b0b14beac6ab1f6f2eb8cf62c5d42
|
||||
command:
|
||||
- /otelcol
|
||||
- --config=/conf/otel-collector-config.yaml
|
||||
|
||||
@@ -70,7 +70,7 @@ foldergram:
|
||||
forceRename: foldergram-data
|
||||
storageClass: synology-iscsi-delete
|
||||
accessMode: ReadWriteOnce
|
||||
size: 100Gi
|
||||
size: 150Gi
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
|
||||
@@ -155,8 +155,8 @@ gatus:
|
||||
- name: searxng
|
||||
url: https://searxng.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: roundcube
|
||||
url: https://mail.alexlebens.net
|
||||
- name: sparkyfitness
|
||||
url: https://sparkyfitness.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: paperless-ngx
|
||||
url: https://paperless-ngx.alexlebens.net
|
||||
@@ -212,6 +212,9 @@ gatus:
|
||||
- name: authentik
|
||||
url: https://authentik.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: roundcube
|
||||
url: https://mail.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: stalwart
|
||||
url: https://stalwart.alexlebens.net
|
||||
<<: *defaults
|
||||
@@ -263,6 +266,9 @@ gatus:
|
||||
- name: vault
|
||||
url: https://vault.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: openbao
|
||||
url: https://bao.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: backrest
|
||||
url: https://backrest.alexlebens.net
|
||||
<<: *defaults
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: generic-device-plugin
|
||||
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
|
||||
version: 0.20.29
|
||||
digest: sha256:927c4aaf7484f3522ecd92d456f184555f4c742adc1c63b32a149cbb847e9eee
|
||||
generated: "2026-04-10T17:19:10.852938614Z"
|
||||
version: 0.20.31
|
||||
digest: sha256:2e073f735a5ff699844eb67715ab20d403261b3e9c035ebdc4292cee9666b4f4
|
||||
generated: "2026-04-15T01:16:30.361061773Z"
|
||||
|
||||
@@ -14,6 +14,6 @@ maintainers:
|
||||
dependencies:
|
||||
- name: generic-device-plugin
|
||||
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
|
||||
version: 0.20.29
|
||||
version: 0.20.31
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
appVersion: 1.0.0
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
dependencies:
|
||||
- name: gitea
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 12.5.0
|
||||
version: 12.5.3
|
||||
- name: actions
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 0.0.5
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.30.0
|
||||
version: 0.31.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
@@ -16,12 +16,12 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:1834a2f731f3dfd1f2c1997ef827c941f63436e3d4766b7713771f6ab147a285
|
||||
generated: "2026-04-10T01:34:45.637993565Z"
|
||||
digest: sha256:3b2cd7914718ca5857531c466deb3b7f88a49ce4d67484efcffac7e5accf5263
|
||||
generated: "2026-04-15T18:58:48.48174558Z"
|
||||
|
||||
@@ -26,14 +26,14 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: gitea
|
||||
version: 12.5.0
|
||||
version: 12.5.3
|
||||
repository: https://dl.gitea.com/charts/
|
||||
- name: actions
|
||||
alias: gitea-actions
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 0.0.5
|
||||
- name: meilisearch
|
||||
version: 0.30.0
|
||||
version: 0.31.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
@@ -44,11 +44,11 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey-gitea
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey-renovate
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-storage
|
||||
|
||||
@@ -7,9 +7,9 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:92931c4ed7e060931fd1aa0e4c3021cc548c1375bdd8a150ed61c858496af72c
|
||||
generated: "2026-04-10T01:35:19.405893161Z"
|
||||
version: 0.6.1
|
||||
digest: sha256:6c086da896f573fdb1b81abab43b90181f2af7bf57a62333c4426f3f30496ffa
|
||||
generated: "2026-04-13T20:33:58.123069628Z"
|
||||
|
||||
@@ -24,11 +24,11 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey-unified-alerting
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey-remote-cache
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
|
||||
# renovate: datasource=github-releases depName=grafana/grafana-operator
|
||||
|
||||
@@ -567,6 +567,25 @@ spec:
|
||||
resyncPeriod: 6h
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/ntfy.json
|
||||
|
||||
---
|
||||
apiVersion: grafana.integreatly.org/v1beta1
|
||||
kind: GrafanaDashboard
|
||||
metadata:
|
||||
name: grafana-dashboard-openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-openbao
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
app: grafana-main
|
||||
contentCacheDuration: 6h
|
||||
folderUID: grafana-folder-platform
|
||||
resyncPeriod: 6h
|
||||
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/openbao.json
|
||||
|
||||
---
|
||||
apiVersion: grafana.integreatly.org/v1beta1
|
||||
kind: GrafanaDashboard
|
||||
|
||||
@@ -7,6 +7,6 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:b153dff647b1657cca3e2efc2ad188214496374eed1137f9ecb887184f8a4470
|
||||
generated: "2026-04-10T01:35:42.967388076Z"
|
||||
version: 0.6.1
|
||||
digest: sha256:fc508a58ea7dffe1b92049a89c3fe2f0034d05ecdad38807bb6e02c68a1cb957
|
||||
generated: "2026-04-13T20:34:25.515547207Z"
|
||||
|
||||
@@ -24,7 +24,7 @@ dependencies:
|
||||
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
|
||||
# renovate: datasource=github-releases depName=goharbor/harbor
|
||||
|
||||
@@ -12,8 +12,6 @@ headlamp:
|
||||
enabled: true
|
||||
name: headlamp-oidc-secret
|
||||
watchPlugins: true
|
||||
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
|
||||
sessionTTL: null
|
||||
httpRoute:
|
||||
enabled: true
|
||||
parentRefs:
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
|
||||
# renovate: datasource=github-releases depName=home-assistant/core
|
||||
appVersion: 2026.4.1
|
||||
appVersion: 2026.4.2
|
||||
|
||||
@@ -12,7 +12,7 @@ home-assistant:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/home-assistant/home-assistant
|
||||
tag: 2026.4.1@sha256:8848691147f01a6eee7753de2ade21b04d6168fcd2e2a7089f6f84e3b7b86960
|
||||
tag: 2026.4.2@sha256:4c940155cfd5b0187a6faee2db5d52b98bb573edc1aeee95d0818bb17b6534d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -285,11 +285,11 @@ homepage:
|
||||
href: https://searxng.alexlebens.net/
|
||||
siteMonitor: http://searxng-browser.searxng:80
|
||||
statusStyle: dot
|
||||
- Email:
|
||||
icon: sh-roundcube.webp
|
||||
description: Roundcube
|
||||
href: https://mail.alexlebens.net
|
||||
siteMonitor: http://roundcube.roundcube:80
|
||||
- Fitness Tracker:
|
||||
icon: sh-sparkyfitness.webp
|
||||
description: Sparky Fitness
|
||||
href: https://sparkyfitness.alexlebens.net
|
||||
siteMonitor: http://sparkyfitness-frontend.sparkyfitness:80
|
||||
statusStyle: dot
|
||||
- Documents:
|
||||
icon: sh-paperless-ngx.webp
|
||||
@@ -487,7 +487,13 @@ homepage:
|
||||
href: https://authentik.alexlebens.net
|
||||
siteMonitor: http://authentik-server.authentik:80
|
||||
statusStyle: dot
|
||||
- Email:
|
||||
- Email Client:
|
||||
icon: sh-roundcube.webp
|
||||
description: Roundcube
|
||||
href: https://mail.alexlebens.net
|
||||
siteMonitor: http://roundcube.roundcube:80
|
||||
statusStyle: dot
|
||||
- Email Server:
|
||||
icon: sh-stalwart.webp
|
||||
description: Stalwart
|
||||
href: https://stalwart.alexlebens.net
|
||||
@@ -631,6 +637,18 @@ homepage:
|
||||
app.kubernetes.io/instance in (
|
||||
vault
|
||||
)
|
||||
- Secrets:
|
||||
icon: sh-openbao.webp
|
||||
description: OpenBao
|
||||
href: https://bao.alexlebens.net
|
||||
siteMonitor: http://openbao.openbao:8200
|
||||
statusStyle: dot
|
||||
namespace: openbao
|
||||
app: openbao
|
||||
podSelector: >-
|
||||
app.kubernetes.io/instance in (
|
||||
openbao
|
||||
)
|
||||
- Backups:
|
||||
icon: sh-backrest-light.webp
|
||||
description: Backrest
|
||||
|
||||
@@ -7,9 +7,9 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:cc71770c9558038b988a2d7a893fffe6ba64a77e8b0d8c403b1183e48d168cd9
|
||||
generated: "2026-04-10T01:36:07.229979615Z"
|
||||
digest: sha256:73ee46c366adf205ca50a7382a404ccd0e548a2ebeb39fa5f5afbadf6e0d539f
|
||||
generated: "2026-04-13T20:34:57.11369553Z"
|
||||
|
||||
@@ -25,7 +25,7 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
|
||||
# renovate: datasource=github-releases depName=immich-app/immich
|
||||
appVersion: v2.7.2
|
||||
appVersion: v2.7.5
|
||||
|
||||
@@ -8,7 +8,7 @@ immich:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/immich-app/immich-server
|
||||
tag: v2.7.2@sha256:6a2952539e2a9c8adcf6fb74850bb1ba7e1db2804050acea21baafdc9154c430
|
||||
tag: v2.7.5@sha256:c15bff75068effb03f4355997d03dc7e0fc58720c2b54ad6f7f10d1bc57efaa5
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.30.0
|
||||
version: 0.31.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:32b9a206e77eabcdf1bbbc4d7e93067c40d6a621e4a07c1827e4d23961e2d82b
|
||||
generated: "2026-03-30T16:13:40.879082765Z"
|
||||
digest: sha256:ea0f20c4c1b5566288185283141ece9938f8bbce246e27ec464cb1e6fd376fba
|
||||
generated: "2026-04-14T17:48:23.813297015Z"
|
||||
|
||||
@@ -22,7 +22,7 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
version: 0.30.0
|
||||
version: 0.31.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.30.0
|
||||
version: 0.31.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:9939407bba4f0ac9d5ed47250490d0a80dc48881cfeb7bc924ece655fa0b5b05
|
||||
generated: "2026-04-10T01:17:47.911315172Z"
|
||||
digest: sha256:f0f26138eeca6430c2b9ad7dc6d6ad8467b0db2a5660015b2755efc802e8ac84
|
||||
generated: "2026-04-14T17:48:43.81459819Z"
|
||||
|
||||
@@ -23,7 +23,7 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: meilisearch
|
||||
version: 0.30.0
|
||||
version: 0.31.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
|
||||
@@ -31,4 +31,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
|
||||
# renovate: datasource=github-releases depName=moghtech/komodo
|
||||
appVersion: v2.1.1
|
||||
appVersion: v2.1.2
|
||||
|
||||
@@ -8,7 +8,7 @@ komodo:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/moghtech/komodo-core
|
||||
tag: 2.1.1@sha256:2bbbb1efd3534211dac35091e0818f10398d9bdd98fdbf0ddef09e9e0b5ec4ba
|
||||
tag: 2.1.2@sha256:8a7dbba232e4e49797bb412be5f78207c89fcf22cc2727b38631ae30f7518a4c
|
||||
env:
|
||||
- name: COMPOSE_LOGGING_DRIVER
|
||||
value: local
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
dependencies:
|
||||
- name: kube-prometheus-stack
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
version: 83.4.0
|
||||
version: 83.4.3
|
||||
- name: prometheus-operator-crds
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
version: 28.0.1
|
||||
@@ -10,6 +10,6 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:94ed4d62bfc30d84c74fab1eb3439be43243952686245de16bb5b0ba15b50965
|
||||
generated: "2026-04-10T17:23:18.478974013Z"
|
||||
version: 0.6.1
|
||||
digest: sha256:3396044aeb04c8a204c50941528e7292ece35349445cb86632eac5dcb2200447
|
||||
generated: "2026-04-15T18:45:01.915091109Z"
|
||||
|
||||
@@ -20,7 +20,7 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: kube-prometheus-stack
|
||||
version: 83.4.0
|
||||
version: 83.4.3
|
||||
repository: oci://ghcr.io/prometheus-community/charts
|
||||
- name: prometheus-operator-crds
|
||||
version: 28.0.1
|
||||
@@ -31,7 +31,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png
|
||||
# renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator
|
||||
|
||||
@@ -30,7 +30,7 @@ libation:
|
||||
main:
|
||||
image:
|
||||
repository: ubuntu
|
||||
tag: resolute-20260404@sha256:cc925e589b7543b910fea57a240468940003fbfc0515245a495dd0ad8fe7cef1
|
||||
tag: resolute-20260413@sha256:5e275723f82c67e387ba9e3c24baa0abdcb268917f276a0561c97bef9450d0b4
|
||||
command:
|
||||
- "sleep"
|
||||
- "infinity"
|
||||
|
||||
@@ -14,7 +14,7 @@ lidarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/lidarr
|
||||
tag: 3.1.2-nightly@sha256:2b602738585d64c62e119073c631e50872f07595d2d90936a9186f2989cb2eda
|
||||
tag: 3.1.2-nightly@sha256:9ec74111343f3648f2ab9a80931e05f1695622ff5a2587f1f2006e0415322a65
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -22,10 +22,10 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
@@ -38,5 +38,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:a3ec2977db9a8d902c8691281e5305f2dfb4501d64591bc67dc2c86e59743133
|
||||
generated: "2026-04-10T01:36:45.779720254Z"
|
||||
digest: sha256:e3b47e528b086c6f1b2aefb3b429026e77a5e7b95ff3946ef0769b366542ba5a
|
||||
generated: "2026-04-13T20:35:45.244907297Z"
|
||||
|
||||
@@ -54,11 +54,11 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey-matrix-synapse
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey-hookshot
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-synapse
|
||||
|
||||
@@ -133,7 +133,7 @@ matrix-synapse:
|
||||
gid: 666
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.3@sha256:25109184c71bdad752c8312a8623239686a9a2071e8825f20acb8f2198c3f659
|
||||
tag: 3.23.4@sha256:c7989ac7a27b473e1795973c98d714f62b4dd0b134594d36880505ce0bfd716b
|
||||
ingress:
|
||||
enabled: false
|
||||
gateway:
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://raw.githubusercontent.com/frederikemmer/MediaLyze/d8f69c0628bac7c047b90f91a66341648029c273/frontend/public/favicon.svg
|
||||
# renovate: datasource=github-releases depName=frederikemmer/MediaLyze
|
||||
appVersion: 0.5.0
|
||||
appVersion: 0.7.1
|
||||
|
||||
@@ -12,7 +12,7 @@ medialyze:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/frederikemmer/medialyze
|
||||
tag: 0.5.0@sha256:41dc308bb303fcc7a17a2dac35fc1b3ef6a2d345c3e121f677eaf3c2be7564d6
|
||||
tag: 0.7.1@sha256:c28cfd5cafe2b34136efaba5ba825440a2160cda3116ecb266454eac07a37e49
|
||||
env:
|
||||
- name: HOST_PORT
|
||||
value: 8080
|
||||
|
||||
@@ -24,4 +24,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/music-grabber.png
|
||||
# renovate: datasource=docker depName=g33kphr33k/musicgrabber
|
||||
appVersion: 2.6.1
|
||||
appVersion: 2.6.3
|
||||
|
||||
@@ -12,7 +12,7 @@ music-grabber:
|
||||
main:
|
||||
image:
|
||||
repository: g33kphr33k/musicgrabber
|
||||
tag: 2.6.1@sha256:52b81df8e69062b4023a416fa4168d4bc0e6d8fba48901a5a5a3080bdd748696
|
||||
tag: 2.6.3@sha256:33ccf823b27387c5080da6df7e1b22f1e6443f878cfbf14fb06a6abcef79991d
|
||||
env:
|
||||
- name: MUSIC_DIR
|
||||
value: /mnt/store/Music Grabber/
|
||||
|
||||
@@ -12,7 +12,7 @@ navidrome:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/navidrome/navidrome
|
||||
tag: 0.61.1@sha256:1e1660054a856cc09f227d6929252e45a519fdb16004b464dd637f7294ca3ec1
|
||||
tag: 0.61.2@sha256:9fa40b3d8dec43ceb2213d1fa551da3dcfef6ac6d19c2e534efb92527c2bafd2
|
||||
env:
|
||||
- name: ND_MUSICFOLDER
|
||||
value: /music
|
||||
|
||||
@@ -31,4 +31,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
|
||||
# renovate: datasource=github-releases depName=ollama/ollama
|
||||
appVersion: 0.20.4
|
||||
appVersion: 0.20.7
|
||||
|
||||
@@ -21,7 +21,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
|
||||
tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
@@ -55,7 +55,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
|
||||
tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
@@ -89,7 +89,7 @@ ollama:
|
||||
main:
|
||||
image:
|
||||
repository: ollama/ollama
|
||||
tag: 0.20.3@sha256:87d71eb588a28c747094ca5d011392a3790f6ea9bd9c87594780ad7c65cc7ed1
|
||||
tag: 0.20.7@sha256:487324a9312240e3e122446f351b1f1e3f68d884ef854c246db2e08792440d94
|
||||
env:
|
||||
- name: OLLAMA_KEEP_ALIVE
|
||||
value: 24h
|
||||
|
||||
9
clusters/cl01tl/helm/openbao/Chart.lock
Normal file
9
clusters/cl01tl/helm/openbao/Chart.lock
Normal file
@@ -0,0 +1,9 @@
|
||||
dependencies:
|
||||
- name: openbao
|
||||
repository: https://openbao.github.io/openbao-helm
|
||||
version: 0.27.1
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
digest: sha256:2a48dda8dad91d967fceeec4c50d3358f58b0255ba823e04bea726bf187f8f40
|
||||
generated: "2026-04-15T19:55:47.720376-05:00"
|
||||
30
clusters/cl01tl/helm/openbao/Chart.yaml
Normal file
30
clusters/cl01tl/helm/openbao/Chart.yaml
Normal file
@@ -0,0 +1,30 @@
|
||||
apiVersion: v2
|
||||
name: openbao
|
||||
version: 1.0.0
|
||||
description: OpenBao
|
||||
keywords:
|
||||
- openbao
|
||||
- secrets
|
||||
home: https://docs.alexlebens.dev/applications/openbao/
|
||||
sources:
|
||||
- https://github.com/openbao/openbao
|
||||
- https://github.com/lrstanley/vault-unseal
|
||||
- https://quay.io/repository/openbao/openbao?tab=tags
|
||||
- https://quay.io/repository/openbao/openbao-csi-provider?tab=tags
|
||||
- https://github.com/openbao/openbao-snapshot-agent/pkgs/container/openbao-snapshot-agent
|
||||
- https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal
|
||||
- https://github.com/openbao/openbao-helm/tree/main/charts/openbao
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: openbao
|
||||
version: 0.27.1
|
||||
repository: https://openbao.github.io/openbao-helm
|
||||
- name: app-template
|
||||
alias: unseal
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/openbao.png
|
||||
# renovate: datasource=github-releases depName=openbao/openbao
|
||||
appVersion: v2.5.2
|
||||
166
clusters/cl01tl/helm/openbao/templates/external-secret.yaml
Normal file
166
clusters/cl01tl/helm/openbao/templates/external-secret.yaml
Normal file
@@ -0,0 +1,166 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-snapshot-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-snapshot-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: AWS_ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_REGION
|
||||
- secretKey: AWS_SECRET_ACCESS_KEY
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: BUCKET
|
||||
remoteRef:
|
||||
key: /garage/home-infra/openbao-backups
|
||||
property: BUCKET
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-1
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-1
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_1
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-2
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-2
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_2
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: openbao-unseal-config-3
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-unseal-config-3
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ENVIRONMENT
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: ENVIRONMENT
|
||||
- secretKey: NODES
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NODES
|
||||
- secretKey: TOKENS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: TOKENS_3
|
||||
- secretKey: NOTIFY_QUEUE_URLS
|
||||
remoteRef:
|
||||
key: /cl01tl/openbao/unseal
|
||||
property: NOTIFY_QUEUE_URLS
|
||||
|
||||
# ---
|
||||
# apiVersion: external-secrets.io/v1
|
||||
# kind: ExternalSecret
|
||||
# metadata:
|
||||
# name: openbao-token
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: openbao-token
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# secretStoreRef:
|
||||
# kind: ClusterSecretStore
|
||||
# name: openbao
|
||||
# data:
|
||||
# - secretKey: token
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: token
|
||||
# - secretKey: unseal_key_1
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_1
|
||||
# - secretKey: unseal_key_2
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_2
|
||||
# - secretKey: unseal_key_3
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_3
|
||||
# - secretKey: unseal_key_4
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_4
|
||||
# - secretKey: unseal_key_5
|
||||
# remoteRef:
|
||||
# key: /cl01tl/openbao/token
|
||||
# property: unseal_key_5
|
||||
29
clusters/cl01tl/helm/openbao/templates/ingress.yaml
Normal file
29
clusters/cl01tl/helm/openbao/templates/ingress.yaml
Normal file
@@ -0,0 +1,29 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: openbao-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
spec:
|
||||
ingressClassName: tailscale
|
||||
tls:
|
||||
- hosts:
|
||||
- openbao-cl01tl
|
||||
secretName: openbao-cl01tl
|
||||
rules:
|
||||
- host: openbao-cl01tl
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: openbao-active
|
||||
port:
|
||||
number: 8200
|
||||
11
clusters/cl01tl/helm/openbao/templates/namespace.yaml
Normal file
11
clusters/cl01tl/helm/openbao/templates/namespace.yaml
Normal file
@@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: openbao
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
182
clusters/cl01tl/helm/openbao/values.yaml
Normal file
182
clusters/cl01tl/helm/openbao/values.yaml
Normal file
@@ -0,0 +1,182 @@
|
||||
openbao:
|
||||
global:
|
||||
serverTelemetry:
|
||||
prometheusOperator: true
|
||||
injector:
|
||||
enabled: false
|
||||
server:
|
||||
updateStrategyType: RollingUpdate
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao
|
||||
tag: 2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 500Mi
|
||||
gateway:
|
||||
tlsRoute:
|
||||
enabled: true
|
||||
hosts:
|
||||
- bao.alexlebens.net
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
authDelegator:
|
||||
enabled: true
|
||||
livenessProbe:
|
||||
enabled: true
|
||||
dataStorage:
|
||||
size: 1Gi
|
||||
storageClass: ceph-block
|
||||
auditStorage:
|
||||
enabled: true
|
||||
size: 10Gi
|
||||
storageClass: ceph-block
|
||||
standalone:
|
||||
enabled: false
|
||||
ha:
|
||||
enabled: true
|
||||
replicas: 3
|
||||
raft:
|
||||
enabled: true
|
||||
config: |
|
||||
ui = true
|
||||
|
||||
listener "tcp" {
|
||||
tls_disable = 1
|
||||
address = "[::]:8200"
|
||||
cluster_address = "[::]:8201"
|
||||
telemetry {
|
||||
unauthenticated_metrics_access = "true"
|
||||
}
|
||||
}
|
||||
|
||||
storage "raft" {
|
||||
path = "/openbao/data"
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-0.openbao-internal:8200"
|
||||
}
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-1.openbao-internal:8200"
|
||||
}
|
||||
retry_join {
|
||||
leader_api_addr = "http://openbao-2.openbao-internal:8200"
|
||||
}
|
||||
}
|
||||
|
||||
service_registration "kubernetes" {}
|
||||
|
||||
telemetry {
|
||||
prometheus_retention_time = "30s"
|
||||
disable_hostname = true
|
||||
}
|
||||
csi:
|
||||
enabled: true
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao-csi-provider
|
||||
tag: 2.0.1@sha256:a3bd5e8183da778b5dc79ee1a3d7313ac77dc599b623b4106a91b19362674f27
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 100Mi
|
||||
agent:
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: openbao/openbao
|
||||
tag: 2.5.2@sha256:6c75c97223873807260352f269640935a07db0c26b3dbf12a98a36ec43ad9878
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 100Mi
|
||||
serverTelemetry:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
prometheusRules:
|
||||
enabled: true
|
||||
rules:
|
||||
- alert: vault-HighResponseTime
|
||||
annotations:
|
||||
message: The response time of Vault is over 500ms on average over the last 5 minutes.
|
||||
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
|
||||
for: 5m
|
||||
labels:
|
||||
severity: warning
|
||||
- alert: vault-HighResponseTime
|
||||
annotations:
|
||||
message: The response time of Vault is over 1s on average over the last 5 minutes.
|
||||
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
snapshotAgent:
|
||||
enabled: true
|
||||
schedule: 0 4 * * *
|
||||
image:
|
||||
repository: ghcr.io/openbao/openbao-snapshot-agent
|
||||
tag: 0.3.0@sha256:d7a8ca9d26b12cf226ce093b9051f243c53aefbb8a419b3dc0b554e7575c931c
|
||||
s3CredentialsSecret: openbao-snapshot-secret
|
||||
config:
|
||||
s3Host: garage-main.garage:3900
|
||||
s3Bucket: openbao-backups
|
||||
s3Uri: s3://openbao-backups
|
||||
s3ExpireDays: "30"
|
||||
s3cmdExtraFlag: "-v"
|
||||
baoAuthPath: kubernetes
|
||||
baoRole: bao-snapshot
|
||||
unseal:
|
||||
global:
|
||||
fullnameOverride: openbao-unseal
|
||||
controllers:
|
||||
unseal-1:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-1
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
unseal-2:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-2
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
unseal-3:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/lrstanley/vault-unseal
|
||||
tag: 1.0.0@sha256:24ca9bceccdb0a22ae57574346dee4bec107c9b849f836811972b8f7f1baa4ef
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: openbao-unseal-config-3
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 10Mi
|
||||
@@ -10,9 +10,9 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:dfed4e1149e3daaad1a36f00ad63a3353895799f0bb0c8f4cfa3e5190f04b062
|
||||
generated: "2026-04-10T01:37:10.437687272Z"
|
||||
digest: sha256:9b15e04e7fc3cec27b64509c22f95e70ae0e8d65f6c1f2ea42ddcdd342545509
|
||||
generated: "2026-04-13T20:36:08.758439372Z"
|
||||
|
||||
@@ -30,7 +30,7 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
|
||||
@@ -7,7 +7,7 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
@@ -20,5 +20,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:d9a1a2c899d5f8cb9cb00d749ea313af889ded789e1d3dadc1df12b7567b9cd1
|
||||
generated: "2026-04-10T01:37:28.340143265Z"
|
||||
digest: sha256:88f27775fa063ed8595dd46c1c7467f1ee684ea6f68dd47e1198a105757ebcee
|
||||
generated: "2026-04-13T20:36:24.921277015Z"
|
||||
|
||||
@@ -28,7 +28,7 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
@@ -48,4 +48,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/paperless-ngx.png
|
||||
# renovate: datasource=github-releases depName=paperless-ngx/paperless-ngx
|
||||
appVersion: 2.20.13
|
||||
appVersion: 2.20.14
|
||||
|
||||
@@ -8,7 +8,7 @@ paperless-ngx:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/paperless-ngx/paperless-ngx
|
||||
tag: 2.20.13@sha256:4b05bcd28e6923768000b5d247cbf2c66fd49bdc3f3b05955bd4f6790a638b01
|
||||
tag: 2.20.14@sha256:b89f83345532cfba72690185257eb6c4f92fc2a782332a42abe19c07b7a6595f
|
||||
env:
|
||||
- name: PAPERLESS_REDIS
|
||||
value: redis://paperless-ngx-valkey.paperless-ngx:6379
|
||||
|
||||
@@ -20,4 +20,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/plex.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-plex
|
||||
appVersion: 1.43.1.10576-06378bdcd-ls300
|
||||
appVersion: 1.43.1.10611-1e34174b1-ls301
|
||||
|
||||
@@ -22,7 +22,7 @@ plex:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/plex
|
||||
tag: 1.43.1.10576-06378bdcd-ls300@sha256:09fe33e5efd991681ea3cbd3e3cb262cd1ae26d4a0145a4141ead284d8f21de6
|
||||
tag: 1.43.1.10611-1e34174b1-ls301@sha256:1dd281365d61fb76fd4474ba67e36ec94d2e8dbc67a8032ba10731c01701c97e
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -4,7 +4,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: temporal
|
||||
repository: https://go.temporal.io/helm-charts
|
||||
version: 1.0.0
|
||||
version: 1.1.1
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
@@ -13,12 +13,12 @@ dependencies:
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:baf167465e08bfba842267aeb17c8aacc598342766761ceba7e82839d5952e11
|
||||
generated: "2026-04-10T01:37:49.479823098Z"
|
||||
digest: sha256:c2f97973de65b7ab76b42a5b9131e084de2333ba82c85b75d9e186ec88335ef4
|
||||
generated: "2026-04-15T18:59:31.36700149Z"
|
||||
|
||||
@@ -29,7 +29,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: temporal
|
||||
repository: https://go.temporal.io/helm-charts
|
||||
version: 1.0.0
|
||||
version: 1.1.1
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
@@ -39,7 +39,7 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
@@ -51,4 +51,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
|
||||
# renovate: datasource=github-releases depName=gitroomhq/postiz-app
|
||||
appVersion: v2.21.5
|
||||
appVersion: v2.21.6
|
||||
|
||||
@@ -8,7 +8,7 @@ postiz:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/gitroomhq/postiz-app
|
||||
tag: v2.21.4@sha256:a339e9ee256537526d0eda19e5919e01fa7649a40596ebec5d9e1389850836bc
|
||||
tag: v2.21.6@sha256:c140cd81e4b8269e386e149a9595fdc22a0de3b41368ba6767aeb087c1d14257
|
||||
env:
|
||||
- name: JWT_SECRET
|
||||
valueFrom:
|
||||
@@ -150,7 +150,7 @@ temporal:
|
||||
server:
|
||||
image:
|
||||
repository: temporalio/server
|
||||
tag: 1.30.3@sha256:a3d0f727caad0ecca5dc6e94766135aab448551f2c6c0d33d3c67576458e6a0d
|
||||
tag: 1.30.4@sha256:0aacc0c00d079aeaf6797b6e845e3e387746733ee077564bfe57ac847fa56837
|
||||
metrics:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
@@ -224,7 +224,7 @@ temporal:
|
||||
admintools:
|
||||
image:
|
||||
repository: temporalio/admin-tools
|
||||
tag: 1.30.3@sha256:2c2272b008f1af295b3719963e6feeef64f838d1105d895cf6acfcf96dd31741
|
||||
tag: 1.30.4@sha256:9ac15d500f4020f7cc694ecc17085dfcfc2d4b1d0d2020dbe83b6f3d49e156e0
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
@@ -232,7 +232,7 @@ temporal:
|
||||
web:
|
||||
image:
|
||||
repository: temporalio/ui
|
||||
tag: 2.48.1@sha256:edb5dd1b3e0ddb35611939dde9b573533afd6fbafbbf077b73c7131a30ca91ff
|
||||
tag: 2.48.3@sha256:e5523746f54a8b908b0be69f6274ca1abf2aa0a51714a85b6a4641310ff60286
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -28,4 +28,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prowlarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-prowlarr
|
||||
appVersion: 2.3.5.5327-ls141
|
||||
appVersion: 2.3.5.5327-ls142
|
||||
|
||||
@@ -12,7 +12,7 @@ prowlarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/prowlarr
|
||||
tag: 2.3.5.5327-ls141@sha256:35f48abb3e976fcf077fae756866c582e4a90f8b24810ae4067b3558f7cdbbdf
|
||||
tag: 2.3.5.5327-ls142@sha256:6df73ab9e99d0dbaad27c39d8a47c600333eebea80fcb56253a0bb8b630c8115
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls298
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-4k:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls298
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-anime:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls298
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr-standup:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-radarr
|
||||
appVersion: 6.1.1.10360-ls298
|
||||
appVersion: 6.1.1.10360-ls299
|
||||
|
||||
@@ -14,7 +14,7 @@ radarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/radarr
|
||||
tag: 6.1.1.10360-ls298@sha256:cd70546fc97169788530386b42cf47ba1b16d091b4dc2264cd54099dd13c6f7f
|
||||
tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: reloader
|
||||
repository: https://stakater.github.io/stakater-charts
|
||||
version: 2.2.9
|
||||
digest: sha256:9926bf770a774f391fae9ec2d8db4bd5f37f5fe14439326da1c1b592795f0d2b
|
||||
generated: "2026-03-06T04:03:42.972601201Z"
|
||||
version: 2.2.11
|
||||
digest: sha256:09bd15e46f5b5c09da317bda9dfe5dd4b74e5e2aecd8271e8e66eaabfd0df521
|
||||
generated: "2026-04-15T18:46:43.186024471Z"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: reloader
|
||||
version: 2.2.9
|
||||
version: 2.2.11
|
||||
repository: https://stakater.github.io/stakater-charts
|
||||
icon: https://raw.githubusercontent.com/stakater/Reloader/refs/heads/master/assets/web/reloader.jpg
|
||||
# renovate: datasource=github-releases depName=stakater/Reloader
|
||||
appVersion: v1.4.14
|
||||
appVersion: v1.4.16
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: rook-ceph
|
||||
repository: https://charts.rook.io/release
|
||||
version: v1.19.3
|
||||
version: v1.19.4
|
||||
- name: rook-ceph-cluster
|
||||
repository: https://charts.rook.io/release
|
||||
version: v1.19.3
|
||||
digest: sha256:f485e0ac0fe7a70972491078f37b8be4aff2c6dfa7346bdb18d296f1dbd15b1e
|
||||
generated: "2026-03-24T22:57:30.323965591Z"
|
||||
version: v1.19.4
|
||||
digest: sha256:c7e8bd547272f7f8294f9237f997d5898882293cd10cb59efc59c7452d720ea3
|
||||
generated: "2026-04-15T18:07:10.535464016Z"
|
||||
|
||||
@@ -15,11 +15,11 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: rook-ceph
|
||||
version: v1.19.3
|
||||
version: v1.19.4
|
||||
repository: https://charts.rook.io/release
|
||||
- name: rook-ceph-cluster
|
||||
version: v1.19.3
|
||||
version: v1.19.4
|
||||
repository: https://charts.rook.io/release
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ceph.png
|
||||
# renovate: datasource=github-releases depName=rook/rook
|
||||
appVersion: v1.19.3
|
||||
appVersion: v1.19.4
|
||||
|
||||
@@ -56,7 +56,7 @@ roundcube:
|
||||
nginx:
|
||||
image:
|
||||
repository: nginx
|
||||
tag: 1.29.8-alpine-slim@sha256:34311a2592ef8b857ca342b0d458d2978e4d05ae620ba2da5030f3d7c9b4774c
|
||||
tag: 1.30.0-alpine-slim@sha256:830b40ff1beb5e018e56aef2ed1f9fe87a7797e35a555b75fea5c9568e316b04
|
||||
env:
|
||||
- name: NGINX_HOST
|
||||
value: mail.alexlebens.net
|
||||
|
||||
@@ -112,7 +112,7 @@ rybbit:
|
||||
main:
|
||||
image:
|
||||
repository: clickhouse/clickhouse-server
|
||||
tag: 26.3.5@sha256:0115c4aa8d29ef873a533bcebaf5a65ec12815cf3b08b4fe6a20c30d460e8133
|
||||
tag: 26.3.9@sha256:537014a67ce8bf1f5c79c2e2b26fb30b8285a86ffff03875bb14ed17ea35db62
|
||||
env:
|
||||
- name: CLICKHOUSE_DB
|
||||
value: analytics
|
||||
|
||||
@@ -8,7 +8,7 @@ searxng:
|
||||
main:
|
||||
image:
|
||||
repository: searxng/searxng
|
||||
tag: latest@sha256:e86a5bd7537b6eb01176a8bfd53f9b535fe14bcf193d04648b6c0892d7b59d2f
|
||||
tag: latest@sha256:222b4c11534e0bd9b5ed80081680094a1d663413cbe1d142e184515c4035fc23
|
||||
env:
|
||||
- name: SEARXNG_BASE_URL
|
||||
value: http://searxng-api.searxng:8080
|
||||
@@ -36,7 +36,7 @@ searxng:
|
||||
main:
|
||||
image:
|
||||
repository: searxng/searxng
|
||||
tag: latest@sha256:e86a5bd7537b6eb01176a8bfd53f9b535fe14bcf193d04648b6c0892d7b59d2f
|
||||
tag: latest@sha256:222b4c11534e0bd9b5ed80081680094a1d663413cbe1d142e184515c4035fc23
|
||||
env:
|
||||
- name: SEARXNG_BASE_URL
|
||||
value: https://searxng.alexlebens.net/
|
||||
|
||||
6
clusters/cl01tl/helm/secrets-store-csi-driver/Chart.lock
Normal file
6
clusters/cl01tl/helm/secrets-store-csi-driver/Chart.lock
Normal file
@@ -0,0 +1,6 @@
|
||||
dependencies:
|
||||
- name: secrets-store-csi-driver
|
||||
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
|
||||
version: 1.5.6
|
||||
digest: sha256:8bebc25b54a231446dce2d67b9cd65024a1458fc106ee93dcfd539759edf2ca5
|
||||
generated: "2026-04-15T17:29:48.143994-05:00"
|
||||
24
clusters/cl01tl/helm/secrets-store-csi-driver/Chart.yaml
Normal file
24
clusters/cl01tl/helm/secrets-store-csi-driver/Chart.yaml
Normal file
@@ -0,0 +1,24 @@
|
||||
apiVersion: v2
|
||||
name: secrets-store-csi-driver
|
||||
version: 1.0.0
|
||||
description: Secrets Store CSI driver
|
||||
keywords:
|
||||
- secrets-store-csi-driver
|
||||
- secrets
|
||||
home: https://docs.alexlebens.dev/applications/secrets-store-csi-driver/
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/secrets-store-csi-driver
|
||||
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fcsi-secrets-store%2Fdriver
|
||||
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fcsi-secrets-store%2Fdriver-crds
|
||||
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fsig-storage%2Fcsi-node-driver-registrar
|
||||
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fsig-storage%2Flivenessprobe
|
||||
- https://github.com/kubernetes-sigs/secrets-store-csi-driver/tree/main/charts/secrets-store-csi-driver
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: secrets-store-csi-driver
|
||||
version: 1.5.6
|
||||
repository: https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
# renovate: datasource=github-releases depName=kubernetes-sigs/secrets-store-csi-driver
|
||||
appVersion: 0.8.1
|
||||
@@ -0,0 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: secrets-store-csi-driver
|
||||
labels:
|
||||
app.kubernetes.io/name: secrets-store-csi-driver
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
41
clusters/cl01tl/helm/secrets-store-csi-driver/values.yaml
Normal file
41
clusters/cl01tl/helm/secrets-store-csi-driver/values.yaml
Normal file
@@ -0,0 +1,41 @@
|
||||
secrets-store-csi-driver:
|
||||
linux:
|
||||
enabled: true
|
||||
image:
|
||||
repository: registry.k8s.io/csi-secrets-store/driver
|
||||
tag: v1.5.6@sha256:6df2b3b3817136d2ade3d53306dbbd98385c1c01e8b3c373192c0e5b8d183f7b
|
||||
crds:
|
||||
enabled: true
|
||||
image:
|
||||
repository: registry.k8s.io/csi-secrets-store/driver-crds
|
||||
tag: v1.5.6@sha256:d40d9212beb62ee0f9f09b75d024ed807816879f38e75eca309497c3df89568c
|
||||
driver:
|
||||
resources:
|
||||
limits:
|
||||
cpu: null
|
||||
memory: null
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 100Mi
|
||||
registrarImage:
|
||||
repository: registry.k8s.io/sig-storage/csi-node-driver-registrar
|
||||
tag: v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70
|
||||
registrar:
|
||||
resources:
|
||||
limits:
|
||||
cpu: null
|
||||
memory: null
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
livenessProbeImage:
|
||||
repository: registry.k8s.io/sig-storage/livenessprobe
|
||||
tag: v2.18.0@sha256:c4cc074199c045dd73ab85f28897e2a32f4d6f38ffdba4f3b13b8007ccbd3570
|
||||
livenessProbe:
|
||||
resources:
|
||||
limits:
|
||||
cpu: null
|
||||
memory: null
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 20Mi
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: seerr-chart
|
||||
repository: oci://ghcr.io/seerr-team/seerr
|
||||
version: 3.4.1
|
||||
version: 3.5.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:821fc73d7411c89f0eba2c35a7a455523dadaa4f9d5149b17b2c96cf594f5e1a
|
||||
generated: "2026-04-08T17:24:50.724009386Z"
|
||||
digest: sha256:84f0e23ceedb5b4eedbad1de94ea4e18785360d2125d465ed6f2bcccd7e38e5d
|
||||
generated: "2026-04-16T14:11:50.866475988Z"
|
||||
|
||||
@@ -17,11 +17,11 @@ maintainers:
|
||||
dependencies:
|
||||
- name: seerr-chart
|
||||
repository: oci://ghcr.io/seerr-team/seerr
|
||||
version: 3.4.1
|
||||
version: 3.5.1
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/seerr.png
|
||||
# renovate: datasource=github-releases depName=seerr-team/seerr
|
||||
appVersion: v3.1.0
|
||||
appVersion: v3.2.0
|
||||
|
||||
@@ -2,7 +2,7 @@ seerr-chart:
|
||||
image:
|
||||
registry: ghcr.io
|
||||
repository: seerr-team/seerr
|
||||
tag: v3.1.0
|
||||
tag: v3.2.0
|
||||
sha: b35ba0461c4a1033d117ac1e5968fd4cbe777899e4cbfbdeaf3d10a42a0eb7e9
|
||||
config:
|
||||
persistence:
|
||||
|
||||
@@ -10,7 +10,7 @@ site-documentation:
|
||||
main:
|
||||
image:
|
||||
repository: harbor.alexlebens.net/images/site-documentation
|
||||
tag: 0.24.0@sha256:4de96b40683bdb4998219b38b728a46e821de7ccd28b2ff6cc69ff26a712e7af
|
||||
tag: 0.25.0@sha256:1509b20e703617ce8e6fc78fa599a56c09be178541adc82da406632f9af15d97
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -10,7 +10,7 @@ site-profile:
|
||||
main:
|
||||
image:
|
||||
repository: harbor.alexlebens.net/images/site-profile
|
||||
tag: 3.17.0@sha256:22c5bebe1148c019cdd50c2da06d9e8679e1b2653762cb3f3febf1aba75c309f
|
||||
tag: 3.18.1@sha256:94c120ecd381b4e1568e1fe6619b3472d58870a5a5c5da4bc4b40e0e6b6cbfb1
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -10,7 +10,7 @@ site-saralebens:
|
||||
main:
|
||||
image:
|
||||
repository: harbor.alexlebens.net/images/site-saralebens
|
||||
tag: 1.1.0@sha256:118dd5c65edcc0c77b00bbb6d9c70aab307aa04ba211f3fd74435e9b06c38304
|
||||
tag: 1.1.1@sha256:b1a92f492127dd0e6b1756dd6798e72fbc991c7b334c0bec87ba39cb9bb14ee3
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
|
||||
@@ -33,4 +33,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-sonarr
|
||||
appVersion: 4.0.17.2952-ls306
|
||||
appVersion: 4.0.17.2952-ls307
|
||||
|
||||
@@ -13,7 +13,7 @@ sonarr-4k:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/sonarr
|
||||
tag: 4.0.17.2952-ls306@sha256:b5670a3adb0f8a8b0f277feeaa69a5fbe3869ba4bb9fa7c0f0764c3b3f0e698f
|
||||
tag: 4.0.17.2952-ls307@sha256:6854df9de20b8c82e1982604f39473d64dbb4c4584b1013f18f9ade1ee92af13
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user