alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 9 Actions Packages Projects Releases Wiki Activity

Compare commits

base: alexlebens:916aa3df74d57942e4a23d91a2c4bda47fce2e93
Branches Tags
alexlebens:main alexlebens:renovate/postgres-cluster-6.x alexlebens:renovate/loki-6.x alexlebens:renovate/external-dns-1.x alexlebens:renovate/ghcr.io-traefik-traefik-3.x alexlebens:renovate/ghcr.io-moghtech-komodo-core-1.x alexlebens:renovate/ghcr.io-karakeep-app-karakeep-0.x alexlebens:renovate/ghcr.io-immich-app-immich-server-1.x alexlebens:renovate/ghcr.io-immich-app-immich-machine-learning-1.x alexlebens:renovate/ghcr.io-linuxserver-qbittorrent-5.x alexlebens:renovate/roundcube-roundcubemail-1.x
...
compare: alexlebens:a4d5f9fe0314508ba232ded22674c7e62a7c4d4a
Branches Tags
alexlebens:renovate/postgres-cluster-6.x alexlebens:renovate/loki-6.x alexlebens:renovate/external-dns-1.x alexlebens:renovate/ghcr.io-traefik-traefik-3.x alexlebens:renovate/ghcr.io-moghtech-komodo-core-1.x alexlebens:renovate/ghcr.io-karakeep-app-karakeep-0.x alexlebens:renovate/ghcr.io-immich-app-immich-server-1.x alexlebens:renovate/ghcr.io-immich-app-immich-machine-learning-1.x alexlebens:renovate/ghcr.io-linuxserver-qbittorrent-5.x alexlebens:main alexlebens:renovate/roundcube-roundcubemail-1.x

8 Commits
916aa3df74 ... a4d5f9fe03

Author SHA1 Message Date
Renovate Bot
a4d5f9fe03 Update Helm release postgres-cluster to v6
All checks were successful
lint-and-test-charts / lint-test (pull_request) Successful in 3m10s
Details
2025-06-05 03:05:34 +00:00
Alex Lebens
428504098d fix list
All checks were successful
renovate / renovate (push) Successful in 2m42s
Details
2025-06-04 21:58:01 -05:00
Alex Lebens
98d5f6de80 add trivy
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2025-06-04 21:50:19 -05:00
Alex Lebens
019fd4384d remove duplicate
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2025-06-04 21:45:56 -05:00
Alex Lebens
bb22ae7b02 add extension
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2025-06-04 21:43:33 -05:00
Alex Lebens
6d74a75e59 add trivy plugin
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2025-06-04 21:40:46 -05:00
Alex Lebens
170811acf6 fix path
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2025-06-04 21:38:40 -05:00
Alex Lebens
58f4a8a29b add trivy
Some checks failed
renovate / renovate (push) Has been cancelled
Details
2025-06-04 21:38:03 -05:00
44 changed files with 189 additions and 187 deletions
Expand all files Collapse all files

2
clusters/cl01tl/applications/directus/Chart.yaml
View File

@@ -32,7 +32,7 @@ dependencies:
version: 1.15.0 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
appVersion: 11.7.2 appVersion: 11.7.2

2
clusters/cl01tl/applications/freshrss/Chart.yaml
View File

@@ -27,7 +27,7 @@ dependencies:
version: 1.15.0 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
appVersion: 1.26.2 appVersion: 1.26.2

2
clusters/cl01tl/applications/immich/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-16-cluster alias: postgres-16-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
appVersion: v1.132.3 appVersion: v1.132.3

2
clusters/cl01tl/applications/jellystat/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
appVersion: 1.1.6 appVersion: 1.1.6

2
clusters/cl01tl/applications/libation/values.yaml
View File

@@ -6,7 +6,7 @@ libation:
suspend: false suspend: false
concurrencyPolicy: Forbid concurrencyPolicy: Forbid
timeZone: US/Central timeZone: US/Central
schedule: "0 * * * *" schedule: "30 4 * * *"
startingDeadlineSeconds: 90 startingDeadlineSeconds: 90
successfulJobsHistory: 3 successfulJobsHistory: 3
failedJobsHistory: 3 failedJobsHistory: 3

2
clusters/cl01tl/applications/lidarr/Chart.yaml
View File

@@ -24,7 +24,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/lidarr.png
appVersion: 2.11.2 appVersion: 2.11.2

2
clusters/cl01tl/applications/outline/Chart.yaml
View File

@@ -33,7 +33,7 @@ dependencies:
version: 1.15.0 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/outline.png
appVersion: 0.84.0 appVersion: 0.84.0

2
clusters/cl01tl/applications/photoview/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/photoview.png
appVersion: 2.4.0 appVersion: 2.4.0

2
clusters/cl01tl/applications/postiz/Chart.yaml
View File

@@ -31,7 +31,7 @@ dependencies:
version: 1.15.0 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/postiz.png
appVersion: v1.43.3 appVersion: v1.43.3

2
clusters/cl01tl/applications/radarr-4k/Chart.yaml
View File

@@ -27,7 +27,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
appVersion: 5.22.4 appVersion: 5.22.4

2
clusters/cl01tl/applications/radarr-anime/Chart.yaml
View File

@@ -27,7 +27,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
appVersion: 5.22.4 appVersion: 5.22.4

2
clusters/cl01tl/applications/radarr-standup/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
appVersion: 5.22.4 appVersion: 5.22.4

2
clusters/cl01tl/applications/radarr/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
appVersion: 5.22.4 appVersion: 5.22.4

2
clusters/cl01tl/applications/roundcube/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/roundcube.png
appVersion: 1.6.10 appVersion: 1.6.10

2
clusters/cl01tl/applications/roundcube/values.yaml
View File

@@ -75,7 +75,7 @@ roundcube:
suspend: false suspend: false
concurrencyPolicy: Forbid concurrencyPolicy: Forbid
timeZone: US/Central timeZone: US/Central
schedule: 0 4 * * * schedule: 30 4 * * *
startingDeadlineSeconds: 90 startingDeadlineSeconds: 90
successfulJobsHistory: 3 successfulJobsHistory: 3
failedJobsHistory: 3 failedJobsHistory: 3

2
clusters/cl01tl/applications/sonarr-4k/Chart.yaml
View File

@@ -27,7 +27,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
appVersion: 4.0.14 appVersion: 4.0.14

2
clusters/cl01tl/applications/sonarr-anime/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
appVersion: 4.0.14 appVersion: 4.0.14

2
clusters/cl01tl/applications/sonarr/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/sonarr.png
appVersion: 4.0.14 appVersion: 4.0.14

2
clusters/cl01tl/applications/vaultwarden/Chart.yaml
View File

@@ -28,7 +28,7 @@ dependencies:
version: 1.15.0 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/vaultwarden.png
appVersion: 1.33.2 appVersion: 1.33.2

2
clusters/cl01tl/applications/yamtrack/Chart.yaml
View File

@@ -27,7 +27,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/yamtrack.png
appVersion: 0.22.7 appVersion: 0.22.7

13
clusters/cl01tl/deployment/argocd/values.yaml
View File

@@ -63,12 +63,21 @@ argo-cd:
enabled: true enabled: true
server: server:
replicas: 2 replicas: 2
ingress: extensions:
enabled: false enabled: true
extensionList:
- name: extension-trivy
env:
- name: EXTENSION_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy.tar
- name: EXTENSION_CHECKSUM_URL
value: https://github.com/mziyabo/argocd-trivy-extension/releases/download/v0.2.0/extension-trivy_checksums.txt
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
ingress:
enabled: false
repoServer: repoServer:
replicas: 2 replicas: 2
extraContainers: extraContainers:

38
clusters/cl01tl/deployment/stack/templates/application.yaml
View File

@@ -189,41 +189,3 @@ spec:
- ApplyOutOfSyncOnly=true - ApplyOutOfSyncOnly=true
- ServerSideApply=true - ServerSideApply=true
- PruneLast=true - PruneLast=true
---
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: snapshot-controller
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: snapshot-controller
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: default
source:
repoURL: {{ .Values.git.repo }}
targetRevision: {{ .Values.git.revision }}
path: clusters/{{ .Values.cluster.name }}/standalone/snapshot-controller
destination:
name: in-cluster
namespace: snapshot-controller
revisionHistoryLimit: 3
syncPolicy:
automated:
prune: true
selfHeal: true
retry:
limit: 10
backoff:
duration: 1m
factor: 2
maxDuration: 16m
syncOptions:
- CreateNamespace=true
- ApplyOutOfSyncOnly=true
- ServerSideApply=true
- PruneLast=true

2
clusters/cl01tl/management/argo-workflows/Chart.yaml
View File

@@ -25,7 +25,7 @@ dependencies:
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
appVersion: v3.6.7 appVersion: v3.6.7

3
clusters/cl01tl/management/headlamp/values.yaml
View File

@@ -19,6 +19,9 @@ headlamp:
- name: cert-manager - name: cert-manager
source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager source: https://artifacthub.io/packages/headlamp/headlamp-plugins/headlamp_cert-manager
version: 0.1.0 version: 0.1.0
- name: trivy
source: https://artifacthub.io/packages/headlamp/headlamp-trivy/headlamp_trivy
version: 0.3.1
installOptions: installOptions:
parallel: true parallel: true
maxConcurrent: 2 maxConcurrent: 2

2
clusters/cl01tl/management/komodo/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
appVersion: v1.17.5 appVersion: v1.17.5

2
clusters/cl01tl/management/kronic/values.yaml
View File

@@ -8,7 +8,7 @@ kronic:
adminUsername: kronic adminUsername: kronic
existingSecretName: kronic-config-secret existingSecretName: kronic-config-secret
env: env:
KRONIC_ALLOW_NAMESPACES: "gitea vault talos libation kubernetes-cloudflare-ddns" KRONIC_ALLOW_NAMESPACES: "gitea,vault,talos,libation,kubernetes-cloudflare-ddns"
ingress: ingress:
enabled: false enabled: false
resources: resources:

2
clusters/cl01tl/monitoring/gatus/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
version: 1.2.0 version: 1.2.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
appVersion: v5.12.0 appVersion: v5.12.0

2
clusters/cl01tl/monitoring/grafana-operator/Chart.yaml
View File

@@ -29,7 +29,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
appVersion: v5.18.0 appVersion: v5.18.0

22
clusters/cl01tl/monitoring/trivy/Chart.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: v2
name: trivy
version: 1.0.0
description: Trivy
keywords:
- trivy
- vulnerability
- monitoring
- kubernetes
home: https://wiki.alexlebens.dev/s/5cffa529-4c2e-4126-99eb-cc4aeb5a49b3
sources:
- https://github.com/aquasecurity/trivy
- https://github.com/aquasecurity/trivy-operator
- https://github.com/aquasecurity/trivy-operator/tree/main/deploy/helm
maintainers:
- name: alexlebens
dependencies:
- name: trivy-operator
version: 0.28.1
repository: https://aquasecurity.github.io/helm-charts/
icon: https://raw.githubusercontent.com/aquasecurity/trivy/main/docs/imgs/logo.png
appVersion: v0.26.1

113
clusters/cl01tl/monitoring/trivy/values.yaml Normal file
View File

@@ -0,0 +1,113 @@
trivy-operator:
targetWorkloads: "pod,replicaset,replicationcontroller,statefulset,daemonset,cronjob,job"
operator:
replicas: 1
vulnerabilityScannerEnabled: true
sbomGenerationEnabled: false
clusterSbomCacheEnabled: false
configAuditScannerEnabled: false
rbacAssessmentScannerEnabled: false
infraAssessmentScannerEnabled: false
clusterComplianceEnabled: false
serviceMonitor:
enabled: true
trivy:
createConfig: true
image:
registry: mirror.gcr.io
repository: aquasec/trivy
tag: 0.62.1
storageClassEnabled: true
storageClassName: ceph-block
storageSize: "5Gi"
registry:
mirror:
"registry-1.docker.io": proxy-registry-1.docker.io
"quay.io": proxy-quay.io
"registry.k8s.io": proxy-registry.k8s
"gcr.io": proxy-gcr.io
"ghcr.io": proxy-ghcr.io
"hub.docker": proxy-hub.docker
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
slow: true
resources:
requests:
cpu: 100m
memory: 128M
supportedConfigAuditKinds: "Workload,Service,Role,ClusterRole,NetworkPolicy,Ingress,LimitRange,ResourceQuota"
server:
resources:
requests:
cpu: 200m
memory: 512Mi
replicas: 1
compliance:
reportType: summary
cron: 0 5 * * *
specs:
- k8s-cis-1.23
- k8s-nsa-1.0
- k8s-pss-baseline-0.1
- k8s-pss-restricted-0.1
volumeMounts:
- mountPath: /tmp
name: cache-policies
readOnly: false
volumes:
- name: cache-policies
emptyDir: {}
resources:
requests:
cpu: 100m
memory: 128Mi
nodeCollector:
volumeMounts:
- name: var-lib-etcd
mountPath: /var/lib/etcd
readOnly: true
- name: var-lib-kubelet
mountPath: /var/lib/kubelet
readOnly: true
- name: var-lib-kube-scheduler
mountPath: /var/lib/kube-scheduler
readOnly: true
- name: var-lib-kube-controller-manager
mountPath: /var/lib/kube-controller-manager
readOnly: true
- name: etc-systemd
mountPath: /etc/systemd
readOnly: true
- name: lib-systemd
mountPath: /lib/systemd/
readOnly: true
- name: etc-kubernetes
mountPath: /etc/kubernetes
readOnly: true
- name: etc-cni-netd
mountPath: /etc/cni/net.d/
readOnly: true
volumes:
- name: var-lib-etcd
hostPath:
path: /var/lib/etcd
- name: var-lib-kubelet
hostPath:
path: /var/lib/kubelet
- name: var-lib-kube-scheduler
hostPath:
path: /var/lib/kube-scheduler
- name: var-lib-kube-controller-manager
hostPath:
path: /var/lib/kube-controller-manager
- name: etc-systemd
hostPath:
path: /etc/systemd
- name: lib-systemd
hostPath:
path: /lib/systemd
- name: etc-kubernetes
hostPath:
path: /etc/kubernetes
- name: etc-cni-netd
hostPath:
path: /etc/cni/net.d/

2
clusters/cl01tl/platform/authentik/Chart.yaml
View File

@@ -29,7 +29,7 @@ dependencies:
version: 1.15.0 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
appVersion: 2025.4.1 appVersion: 2025.4.1

2
clusters/cl01tl/platform/gitea/Chart.yaml
View File

@@ -54,7 +54,7 @@ dependencies:
version: 1.15.0 version: 1.15.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
appVersion: 1.23.7 appVersion: 1.23.7

74
clusters/cl01tl/platform/gitea/values.yaml
View File

@@ -151,80 +151,6 @@ gitea:
enabled: false enabled: false
mariadb: mariadb:
enabled: false enabled: false
# renovate:
# global:
# fullnameOverride: gitea-renovate
# controllers:
# renovate:
# type: cronjob
# cronjob:
# suspend: false
# concurrencyPolicy: Forbid
# timeZone: US/Central
# schedule: "0 4 * * *"
# startingDeadlineSeconds: 90
# successfulJobsHistory: 3
# failedJobsHistory: 3
# backoffLimit: 3
# parallelism: 1
# containers:
# main:
# image:
# repository: renovate/renovate
# tag: 40
# pullPolicy: IfNotPresent
# env:
# - name: RENOVATE_PLATFORM
# value: gitea
# - name: RENOVATE_AUTODISCOVER
# value: 'true'
# - name: RENOVATE_ONBOARDING
# value: 'true'
# - name: RENOVATE_BASE_DIR
# value: /tmp/renovate
# - name: RENOVATE_PERSIST_REPO_DATA
# value: true
# - name: RENOVATE_REPOSITORY_CACHE
# value: true
# - name: RENOVATE_REDIS_URL
# value: redis://gitea-renovate-valkey-primary.gitea:6379
# - name: LOG_LEVEL
# value: info
# envFrom:
# - secretRef:
# name: gitea-renovate-secret
# resources:
# requests:
# cpu: 100m
# memory: 128Mi
# persistence:
# base:
# storageClass: ceph-block
# accessMode: ReadWriteOnce
# size: 5Gi
# retain: true
# advancedMounts:
# renovate:
# main:
# - path: /tmp/renovate
# readOnly: false
# ssh:
# enabled: true
# type: secret
# name: gitea-renovate-ssh-secret
# advancedMounts:
# renovate:
# main:
# - path: /home/ubuntu/.ssh
# readOnly: true
# mountPropagation: None
# cache:
# type: emptyDir
# advancedMounts:
# renovate:
# main:
# - path: /tmp/renovate/cache
# readOnly: false
backup: backup:
global: global:
fullnameOverride: gitea-backup fullnameOverride: gitea-backup

2
clusters/cl01tl/platform/matrix-synapse/Chart.yaml
View File

@@ -63,7 +63,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
appVersion: 1.129.0 appVersion: 1.129.0

2
clusters/cl01tl/platform/n8n/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/n8n.png
appVersion: 1.93.0 appVersion: 1.93.0

2
clusters/cl01tl/platform/ollama/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.0.1 version: 4.0.1
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
appVersion: 0.7.0 appVersion: 0.7.0

2
clusters/cl01tl/platform/stalwart/Chart.yaml
View File

@@ -32,7 +32,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts repository: oci://harbor.alexlebens.net/proxy-registry-1.docker.io/bitnamicharts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/stalwart-mail-server.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/stalwart-mail-server.png
appVersion: v0.11.8 appVersion: v0.11.8

2
clusters/cl01tl/services/harbor/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
repository: oci://registry-1.docker.io/bitnamicharts repository: oci://registry-1.docker.io/bitnamicharts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-17-cluster alias: postgres-17-cluster
version: 5.1.0 version: 6.4.4
repository: http://gitea-http.gitea:3000/api/packages/alexlebens/helm repository: http://gitea-http.gitea:3000/api/packages/alexlebens/helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
appVersion: v2.13.0 appVersion: v2.13.0

2
clusters/cl01tl/services/harbor/values.yaml
View File

@@ -76,7 +76,7 @@ harbor:
# interval: 24h # interval: 24h
# dryrun: false # dryrun: false
trivy: trivy:
enabled: false enabled: true
database: database:
type: external type: external
external: external:

2
clusters/cl01tl/services/kubernetes-cloudflare-ddns/values.yaml
View File

@@ -6,7 +6,7 @@ kubernetes-cloudflare-ddns:
suspend: false suspend: false
concurrencyPolicy: Forbid concurrencyPolicy: Forbid
timeZone: US/Central timeZone: US/Central
schedule: "0 0 * * *" schedule: "30 4 * * *"
startingDeadlineSeconds: 90 startingDeadlineSeconds: 90
successfulJobsHistory: 3 successfulJobsHistory: 3
failedJobsHistory: 3 failedJobsHistory: 3

2
clusters/cl01tl/services/talos/values.yaml
View File

@@ -13,7 +13,7 @@ etcd-backup:
suspend: false suspend: false
concurrencyPolicy: Forbid concurrencyPolicy: Forbid
timeZone: US/Central timeZone: US/Central
schedule: "0 0 * * *" schedule: "0 2 * * *"
startingDeadlineSeconds: 90 startingDeadlineSeconds: 90
successfulJobsHistory: 3 successfulJobsHistory: 3
failedJobsHistory: 3 failedJobsHistory: 3

20
clusters/cl01tl/standalone/snapshot-controller/Chart.yaml
View File

@@ -1,20 +0,0 @@
apiVersion: v2
name: snapshot-controller
version: 1.0.0
description: Snapshot Controller
keywords:
- snapshot-controller
- storage
- kubernetes
home: https://wiki.alexlebens.dev/s/3057b7d3-4715-44ea-8617-5ef53657330b
sources:
- https://github.com/kubernetes-csi/external-snapshotter
- https://github.com/piraeusdatastore/helm-charts/tree/main/charts/snapshot-controller
maintainers:
- name: alexlebens
dependencies:
- name: snapshot-controller
version: 4.0.2
repository: https://piraeus.io/helm-charts/
icon: https://raw.githubusercontent.com/piraeusdatastore/piraeus/master/artwork/sandbox-artwork/icon/color.svg
appVersion: "v8.2.1"

16
clusters/cl01tl/standalone/snapshot-controller/values.yaml
View File

@@ -1,16 +0,0 @@
snapshot-controller:
controller:
replicaCount: 3
args:
leaderElection: true
leaderElectionNamespace: snapshot-controller
httpEndpoint: ":8080"
image:
repository: registry.k8s.io/sig-storage/snapshot-controller
tag: ""
resources:
requests:
cpu: 50m
memory: 128Mi
serviceMonitor:
create: true

7
clusters/cl01tl/storage/snapshot-controller/values.yaml
View File

@@ -3,10 +3,13 @@ snapshot-controller:
replicaCount: 3 replicaCount: 3
args: args:
leaderElection: true leaderElection: true
leaderElectionNamespace: "$(NAMESPACE)" leaderElectionNamespace: snapshot-controller
image: image:
repository: registry.k8s.io/sig-storage/snapshot-controller repository: registry.k8s.io/sig-storage/snapshot-controller
tag: v8.2.1 tag: v8.2.1
resources:
requests:
cpu: 50m
memory: 128Mi
serviceMonitor: serviceMonitor:
create: true create: true
volumeSnapshotClasses: []