Update ghcr.io/immich-app/immich-server Docker tag to v1.134.0

clusters/cl01tl/applications/outline/Chart.yaml

@@ -26,6 +26,10 @@ dependencies:
     alias: outline
     repository: https://bjw-s-labs.github.io/helm-charts/
     version: 4.0.1
+  - name: tenant
+    alias: minio
+    version: 7.1.1
+    repository: https://operator.min.io/
   - name: valkey
     version: 3.0.9
     repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
@@ -33,6 +37,10 @@ dependencies:
     alias: cloudflared-outline
     repository: oci://harbor.alexlebens.net/helm-charts
     version: 1.15.0
+  - name: cloudflared
+    alias: cloudflared-minio
+    repository: oci://harbor.alexlebens.net/helm-charts
+    version: 1.15.0
   - name: postgres-cluster
     alias: postgres-17-cluster
     version: 5.1.0

clusters/cl01tl/applications/outline/templates/external-secret.yaml

@@ -57,6 +57,82 @@ spec:
         metadataPolicy: None
         property: secret
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-user-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-minio-user-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: AWS_ACCESS_KEY_ID
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/minio/auth
+        metadataPolicy: None
+        property: AWS_ACCESS_KEY_ID
+    - secretKey: AWS_SECRET_ACCESS_KEY
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/minio/auth
+        metadataPolicy: None
+        property: AWS_SECRET_ACCESS_KEY
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-root-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-minio-root-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.env
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/minio/config
+        metadataPolicy: None
+        property: root-config.env
+
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-config-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-minio-config-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: config.env
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cl01tl/outline/minio/config
+        metadataPolicy: None
+        property: config.env
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
@@ -80,6 +156,29 @@ spec:
         metadataPolicy: None
         property: token
 
+---
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: outline-minio-cloudflared-secret
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: outline-minio-cloudflared-secret
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: vault
+  data:
+    - secretKey: cf-tunnel-token
+      remoteRef:
+        conversionStrategy: Default
+        decodingStrategy: None
+        key: /cloudflare/tunnels/outline-minio
+        metadataPolicy: None
+        property: token
+
 ---
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret

clusters/cl01tl/applications/outline/templates/http-route.yaml

@@ -0,0 +1,28 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http-route-outline-minio
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: http-route-outline-minio
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/part-of: {{ .Release.Name }}
+spec:
+  parentRefs:
+    - group: gateway.networking.k8s.io
+      kind: Gateway
+      name: traefik-gateway
+      namespace: traefik
+  hostnames:
+    - minio-outline.alexlebens.net
+  rules:
+    - matches:
+      - path:
+          type: PathPrefix
+          value: /
+      backendRefs:
+        - group: ''
+          kind: Service
+          name: minio-outline-console
+          port: 9090
+          weight: 100

clusters/cl01tl/applications/outline/templates/pod.yaml

@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: outline-s3cmd
+  namespace: outline
+spec:
+  automountServiceAccountToken: true
+  containers:
+    - name: outline-s3cmd
+      image: d3fk/s3cmd:latest
+      command:
+        - /bin/sh
+      args:
+        - -ec
+        - sleep 1000000000000s

clusters/cl01tl/applications/outline/values.yaml

@@ -70,24 +70,21 @@ outline:
             - name: AWS_ACCESS_KEY_ID
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-outline
+                  name: outline-minio-user-secret
                   key: AWS_ACCESS_KEY_ID
             - name: AWS_SECRET_ACCESS_KEY
               valueFrom:
                 secretKeyRef:
-                  name: ceph-bucket-outline
+                  name: outline-minio-user-secret
                   key: AWS_SECRET_ACCESS_KEY
             - name: AWS_REGION
               value: us-east-1
             - name: AWS_S3_UPLOAD_BUCKET_NAME
-              valueFrom:
+              value: outline
-                configMapKeyRef:
-                  name: ceph-bucket-outline
-                  key: BUCKET_NAME
             - name: AWS_S3_UPLOAD_BUCKET_URL
-              value: https://objects.alexlebens.dev
+              value: https://outline-storage.alexlebens.dev/outline
             - name: AWS_S3_ACCELERATE_URL
-              value: https://objects.alexlebens.dev
+              value: https://outline-storage.alexlebens.dev/outline
             - name: AWS_S3_FORCE_PATH_STYLE
               value: false
             - name: AWS_S3_ACL
@@ -144,6 +141,30 @@ outline:
           port: 3000
           targetPort: 3000
           protocol: HTTP
+minio:
+  existingSecret:
+    name: outline-minio-root-secret
+  tenant:
+    name: minio-outline
+    configSecret:
+      name: outline-minio-config-secret
+    pools:
+      - servers: 3
+        name: pool
+        volumesPerServer: 2
+        size: 10Gi
+        storageClassName: ceph-block
+    mountPath: /export
+    subPath: /data
+    metrics:
+      enabled: true
+      port: 9000
+      protocol: http
+    certificate:
+      requestAutoCert: false
+  ingress:
+    console:
+      enabled: false
 valkey:
   architecture: replication
   auth:
@@ -169,6 +190,9 @@ valkey:
 cloudflared-outline:
   existingSecretName: outline-cloudflared-secret
   name: cloudflared-outline
+cloudflared-minio:
+  existingSecretName: outline-minio-cloudflared-secret
+  name: cloudflared-minio
 postgres-17-cluster:
   mode: standalone
   cluster: