4 Commits

Author SHA1 Message Date
renovate-bot 51aafa3a3d chore(deps): update ghcr.io/tailscale/tailscale docker tag to v1.98.3
lint-test-docker / lint-docker-compose (pull_request) Successful in 2m13s
2026-05-22 18:49:57 +00:00
alexlebens 06f2ef0690 Merge pull request 'Tmp/fixes' (#7263) from tmp/fixes into main
lint-test-docker / lint-docker-compose (push) Successful in 23s
lint-test-helm / lint-helm (push) Successful in 58s
lint-test-helm / validate-kubeconform (push) Has been skipped
renovate / renovate (push) Successful in 7m1s
Reviewed-on: #7263
2026-05-22 18:45:22 +00:00
alexlebens 318e34c2e2 feat: remove vault 2026-05-22 18:45:22 +00:00
alexlebens 654ac8f68d fix: wrong sha 2026-05-22 18:45:22 +00:00
18 changed files with 1 additions and 798 deletions
-1
@@ -164,7 +164,6 @@ blocky:
sparkyfitness IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl
whodb IN CNAME traefik-cl01tl
yamtrack IN CNAME traefik-cl01tl
yubal IN CNAME traefik-cl01tl
-3
@@ -258,9 +258,6 @@ gatus:
- name: whodb
url: https://whodb.alexlebens.net
<<: *defaults
- name: vault
url: https://vault.alexlebens.net
<<: *defaults
- name: openbao
url: https://bao.alexlebens.net
<<: *defaults
+1 -1
@@ -212,7 +212,7 @@ gitea-actions:
registry: docker.io
repository: docker
# renovate: datasource=docker depName=docker
tag: 29.5.2-dind@sha256:eb37f58646a901dc7727cf448cae36daaefaba79de33b5058dab79aa4c04aefb
tag: 29.5.2-dind@sha256:6b9cd914eb9c6b342c040a49a27a5eb3804453bae6ecc90f7ff96133595a95e8
extraVolumeMounts:
- name: docker-vol
mountPath: /var/lib/docker
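Review bot: The replacement digest on the `tag: 29.5.2-dind@sha256:6b9cd914…` line has no recorded provenance — the commit title says only `fix: wrong sha`, and because the value sits under a `# renovate: datasource=docker depName=docker` marker, Renovate presumably owns both the tag and the digest here, so the reason the previous digest `sha256:eb37f586…` was wrong (a manifest-list versus per-platform digest mix-up is one common cause, but that is a guess) is lost once this lands and may be re-introduced on the next Renovate run. A digest is the trust anchor for the pulled image, so it is worth recording how the new one was obtained next to the pin, e.g. `# digest verified against the registry manifest for 29.5.2-dind on <DATE-PLACEHOLDER>`, or naming the inspection command in the commit message. A digest that fails to pull is visible at deploy time, but a digest that resolves to an unintended image is not, which is why the verification step should be documented rather than implied. The `gitea-actions:` block this tag belongs to starts outside the hunk.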
@@ -591,24 +591,6 @@ spec:
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/rclone.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-vault
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-vault
{{- include "custom.labels" . | nindent 4 }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 6h
folderUID: grafana-folder-platform
resyncPeriod: 6h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/platform/vault.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
-12
@@ -601,18 +601,6 @@ homepage:
href: https://whodb.alexlebens.net
siteMonitor: http://whodb.whodb:80
statusStyle: dot
- Secrets:
icon: sh-hashicorp-vault.webp
description: Vault
href: https://vault.alexlebens.net
siteMonitor: http://vault.vault:8200
statusStyle: dot
namespace: vault
app: vault
podSelector: >-
app.kubernetes.io/instance in (
vault
)
- Secrets:
icon: sh-openbao.webp
description: OpenBao
-12
@@ -1,12 +0,0 @@
dependencies:
- name: vault
repository: https://helm.releases.hashicorp.com
version: 0.32.0
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 5.0.1
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 5.0.1
digest: sha256:c555a9afad1b13f96d7a94c98182312fae388ab55b26cf177b15a0a4192e879f
generated: "2026-05-15T00:42:01.447358515Z"
-34
@@ -1,34 +0,0 @@
apiVersion: v2
name: vault
version: 1.0.0
description: Vault
keywords:
- vault
- secrets
home: https://docs.alexlebens.dev/applications/vault/
sources:
- https://github.com/hashicorp/vault
- https://github.com/Angatar/s3cmd
- https://github.com/lrstanley/vault-unseal
- https://hub.docker.com/r/hashicorp/vault
- https://hub.docker.com/r/d3fk/s3cmd/
- https://github.com/lrstanley/vault-unseal/pkgs/container/vault-unseal
- https://github.com/hashicorp/vault-helm
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: vault
version: 0.32.0
repository: https://helm.releases.hashicorp.com
- name: app-template
alias: snapshot
repository: https://bjw-s-labs.github.io/helm-charts/
version: 5.0.1
- name: app-template
alias: unseal
repository: https://bjw-s-labs.github.io/helm-charts/
version: 5.0.1
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png
# renovate: datasource=github-releases depName=hashicorp/vault
appVersion: 2.0.1
@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
ServiceAccount names
*/}}
{{- define "custom.serviceAccountName" -}}
vault
{{- end -}}
@@ -1,49 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: vault-snapshot-script
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-snapshot-script
{{- include "custom.labels" . | nindent 4 }}
data:
snapshot.sh: |
DATE=$(date +"%Y%m%d-%H-%M")
echo " "
echo ">> Running Vault Snapshot Script ..."
echo " "
echo ">> Fetching Vault token ..."
export VAULT_TOKEN=$(vault write -field=token auth/approle/login role_id=$VAULT_APPROLE_ROLE_ID secret_id=$VAULT_APPROLE_SECRET_ID)
if [ -z "$VAULT_TOKEN" ]; then
echo ">> ERROR: Failed to fetch Vault token! Exiting..."
exit 1
fi
echo " "
echo ">> Taking Vault snapshot ..."
vault operator raft snapshot save /opt/backup/vault-snapshot-$DATE.snap
echo " "
echo ">> Setting ownership of Vault snapshot ..."
chown 100:1000 /opt/backup/vault-snapshot-$DATE.snap
echo " "
echo ">> Completed Vault snapshot"
---
apiVersion: v1
kind: ConfigMap
metadata:
name: vault-backup-script
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-backup-script
{{- include "custom.labels" . | nindent 4 }}
data:
backup.sh: |
echo " ";
echo ">> Running S3 backup for Vault snapshot";
OUTPUT=$(s3cmd sync --no-check-certificate -v /opt/backup/* "${BUCKET}/cl01tl/cl01tl-vault-snapshots/" 2>&1)
@@ -1,215 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-token
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-token
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: token
remoteRef:
key: /cl01tl/vault/token
property: root
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-snapshot-agent-role
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-snapshot-agent-role
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: VAULT_APPROLE_ROLE_ID
remoteRef:
key: /cl01tl/vault/role/snapshot
property: role-id
- secretKey: VAULT_APPROLE_SECRET_ID
remoteRef:
key: /cl01tl/vault/role/snapshot
property: secret-id
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-backup-local-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-backup-local-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: BUCKET
remoteRef:
key: /garage/home-infra/vault-backups
property: BUCKET_PATH
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-backup-remote-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-backup-remote-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: BUCKET
remoteRef:
key: /garage/home-infra/vault-backups
property: BUCKET_PATH
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-unseal-config-1
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-unseal-config-1
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ENVIRONMENT
remoteRef:
key: /cl01tl/vault/unseal
property: environment
- secretKey: NODES
remoteRef:
key: /cl01tl/vault/unseal
property: nodes
- secretKey: TOKENS
remoteRef:
key: /cl01tl/vault/unseal
property: tokens-1
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-unseal-config-2
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-unseal-config-2
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ENVIRONMENT
remoteRef:
key: /cl01tl/vault/unseal
property: environment
- secretKey: NODES
remoteRef:
key: /cl01tl/vault/unseal
property: nodes
- secretKey: TOKENS
remoteRef:
key: /cl01tl/vault/unseal
property: tokens-2
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-unseal-config-3
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-unseal-config-3
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: ENVIRONMENT
remoteRef:
key: /cl01tl/vault/unseal
property: environment
- secretKey: NODES
remoteRef:
key: /cl01tl/vault/unseal
property: nodes
- secretKey: TOKENS
remoteRef:
key: /cl01tl/vault/unseal
property: tokens-3
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-ntfy-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-ntfy-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: NTFY_TOKEN
remoteRef:
key: /cl01tl/ntfy/users/cl01tl
property: token
- secretKey: NTFY_ENDPOINT
remoteRef:
key: /cl01tl/ntfy/config
property: internal-endpoint
- secretKey: NTFY_TOPIC
remoteRef:
key: /cl01tl/ntfy/topics
property: vault
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: vault-ntfy-unseal-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-ntfy-unseal-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
NOTIFY_QUEUE_URLS: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}/?priority=4&tags=vault,unseal&title=Vault+Unsealed"
data:
- secretKey: endpoint
remoteRef:
key: /cl01tl/ntfy/users/cl01tl
property: internal-endpoint-credential
- secretKey: topic
remoteRef:
key: /cl01tl/ntfy/topics
property: vault
@@ -1,26 +0,0 @@
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
name: vault
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault
{{- include "custom.labels" . | nindent 4 }}
spec:
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- vault.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service
name: vault-active
port: 8200
@@ -1,28 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: vault-tailscale
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-tailscale
{{- include "custom.labels" . | nindent 4 }}
tailscale.com/proxy-class: no-metrics
annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
spec:
ingressClassName: tailscale
tls:
- hosts:
- vault-cl01tl
secretName: vault-cl01tl
rules:
- host: vault-cl01tl
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: vault-active
port:
number: 8200
@@ -1,16 +0,0 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: vault-storage-backup
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-storage-backup
{{- include "custom.labels" . | nindent 4 }}
spec:
volumeMode: Filesystem
storageClassName: ceph-filesystem
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
@@ -1,38 +0,0 @@
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: vault-backup-local-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-backup-local-config
{{- include "custom.labels" . | nindent 4 }}
spec:
provider: openbao
parameters:
baoAddress: "http://openbao-internal.openbao:8200"
roleName: vault
objects: |
- objectName: .s3cfg
fileName: .s3cfg
secretPath: secret/data/garage/home-infra/vault-backups
secretKey: s3cfg-local
---
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: vault-backup-remote-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: vault-backup-remote-config
{{- include "custom.labels" . | nindent 4 }}
spec:
provider: openbao
parameters:
baoAddress: "http://openbao-internal.openbao:8200"
roleName: vault
objects: |
- objectName: .s3cfg
fileName: .s3cfg
secretPath: secret/data/garage/home-infra/vault-backups
secretKey: s3cfg-remote
@@ -1,8 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "custom.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }}
{{- include "custom.labels" . | nindent 4 }}
-314
@@ -1,314 +0,0 @@
vault:
global:
serverTelemetry:
prometheusOperator: true
injector:
enabled: false
server:
enabled: true
image:
repository: hashicorp/vault
tag: 2.0.1@sha256:7553550027156b8f04e81f61a98c3f53a7bce57104f2a400e2012c851f66ac19
updateStrategyType: RollingUpdate
logLevel: debug
logFormat: standard
resources:
requests:
cpu: 50m
memory: 512Mi
authDelegator:
enabled: false
livenessProbe:
enabled: false
volumes:
- name: vault-storage-backup
persistentVolumeClaim:
claimName: vault-storage-backup
volumeMounts:
- mountPath: /opt/backups/
name: vault-storage-backup
readOnly: false
dataStorage:
size: 1Gi
storageClass: ceph-block
auditStorage:
enabled: false
size: 5Gi
storageClass: ceph-block
standalone:
enabled: false
ha:
enabled: true
raft:
enabled: true
config: |
ui = true
listener "tcp" {
tls_disable = 1
address = "[::]:8200"
cluster_address = "[::]:8201"
telemetry {
unauthenticated_metrics_access = "true"
}
}
storage "raft" {
path = "/vault/data"
retry_join {
leader_api_addr = "http://vault-0.vault-internal:8200"
}
retry_join {
leader_api_addr = "http://vault-1.vault-internal:8200"
}
retry_join {
leader_api_addr = "http://vault-2.vault-internal:8200"
}
}
service_registration "kubernetes" {}
telemetry {
prometheus_retention_time = "30s"
disable_hostname = true
}
disruptionBudget:
enabled: true
maxUnavailable: 1
serverTelemetry:
serviceMonitor:
enabled: true
prometheusRules:
enabled: true
rules:
- alert: vault-HighResponseTime
annotations:
message: The response time of Vault is over 500ms on average over the last 5 minutes.
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500
for: 5m
labels:
severity: warning
- alert: vault-HighResponseTime
annotations:
message: The response time of Vault is over 1s on average over the last 5 minutes.
expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000
for: 5m
labels:
severity: critical
snapshot:
global:
fullnameOverride: vault-snapshot
controllers:
snapshot:
type: cronjob
pod:
automountServiceAccountToken: true
cronjob:
suspend: false
timeZone: America/Chicago
schedule: 0 4 * * *
backoffLimit: 3
parallelism: 1
initContainers:
snapshot:
image:
repository: hashicorp/vault
tag: 2.0.1@sha256:7553550027156b8f04e81f61a98c3f53a7bce57104f2a400e2012c851f66ac19
command:
- /bin/ash
args:
- -ec
- /scripts/snapshot.sh
envFrom:
- secretRef:
name: vault-snapshot-agent-role
env:
- name: VAULT_ADDR
value: http://vault-active.vault.svc.cluster.local:8200
containers:
s3-backup-local:
image:
repository: d3fk/s3cmd
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
command:
- /bin/sh
args:
- -ec
- /scripts/backup.sh
envFrom:
- secretRef:
name: vault-ntfy-config
env:
- name: BUCKET
valueFrom:
secretKeyRef:
name: vault-backup-local-config
key: BUCKET
- name: TARGET
value: Local
s3-backup-remote:
image:
repository: d3fk/s3cmd
tag: latest@sha256:d66cc5677b30b31a7981f9fde0af064a9072e8b8a57d5e9b4cc02f44f02acbf2
command:
- /bin/sh
args:
- -ec
- /scripts/backup.sh
envFrom:
- secretRef:
name: vault-ntfy-config
env:
- name: BUCKET
valueFrom:
secretKeyRef:
name: vault-backup-remote-config
key: BUCKET
- name: TARGET
value: Remote
persistence:
snapshot-script:
enabled: true
type: configMap
name: vault-snapshot-script
defaultMode: 0755
advancedMounts:
snapshot:
snapshot:
- path: /scripts/snapshot.sh
subPath: snapshot.sh
backup-script:
enabled: true
type: configMap
name: vault-backup-script
defaultMode: 0755
advancedMounts:
snapshot:
s3-backup-local:
- path: /scripts/backup.sh
subPath: backup.sh
s3-backup-remote:
- path: /scripts/backup.sh
subPath: backup.sh
s3-backup-external:
- path: /scripts/backup.sh
subPath: backup.sh
backup-local-config:
type: custom
volumeSpec:
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: vault-backup-local-config
advancedMounts:
snapshot:
s3-backup-local:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
backup-remote-config:
type: custom
volumeSpec:
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: vault-backup-remote-config
advancedMounts:
snapshot:
s3-backup-remote:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
backup-external-config:
type: custom
volumeSpec:
csi:
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: vault-backup-external-config
advancedMounts:
snapshot:
s3-backup-external:
- path: /root/.s3cfg
readOnly: true
mountPropagation: None
subPath: .s3cfg
backup:
existingClaim: vault-storage-backup
advancedMounts:
snapshot:
snapshot:
- path: /opt/backup
readOnly: false
s3-backup-local:
- path: /opt/backup
readOnly: false
s3-backup-remote:
- path: /opt/backup
readOnly: false
s3-backup-external:
- path: /opt/backup
readOnly: false
unseal:
global:
fullnameOverride: vault-unseal
controllers:
unseal-1:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/lrstanley/vault-unseal
tag: 1.0.0@sha256:9b936fadc8dea2a473972806bffc218a4dd2fbc3b373566138a60e058cc544aa
envFrom:
- secretRef:
name: vault-unseal-config-1
- secretRef:
name: vault-ntfy-unseal-config
resources:
requests:
cpu: 1m
memory: 10Mi
unseal-2:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/lrstanley/vault-unseal
tag: 1.0.0@sha256:9b936fadc8dea2a473972806bffc218a4dd2fbc3b373566138a60e058cc544aa
envFrom:
- secretRef:
name: vault-unseal-config-2
- secretRef:
name: vault-ntfy-unseal-config
resources:
requests:
cpu: 1m
memory: 10Mi
unseal-3:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/lrstanley/vault-unseal
tag: 1.0.0@sha256:9b936fadc8dea2a473972806bffc218a4dd2fbc3b373566138a60e058cc544aa
envFrom:
- secretRef:
name: vault-unseal-config-3
- secretRef:
name: vault-ntfy-unseal-config
resources:
requests:
cpu: 1m
memory: 10Mi
-1
@@ -142,7 +142,6 @@ customDNS:
sparkyfitness IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl
whodb IN CNAME traefik-cl01tl
yamtrack IN CNAME traefik-cl01tl
yubal IN CNAME traefik-cl01tl
-1
@@ -163,7 +163,6 @@ customDNS:
sparkyfitness IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl
vault IN CNAME traefik-cl01tl
whodb IN CNAME traefik-cl01tl
yamtrack IN CNAME traefik-cl01tl
yubal IN CNAME traefik-cl01tl