alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:manifests alexlebens:renovate/cilium-1.x
..
compare: alexlebens:412a07ef45d744b90db6b389fab453539045d75e
Branches Tags
alexlebens:manifests alexlebens:renovate/cilium-1.x alexlebens:main

1 Commits
main ... 412a07ef45

Author SHA1 Message Date
Renovate Bot
412a07ef45 chore(deps): update helm release volsync to v0.15.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 35s
Details
2026-03-05 19:24:05 +00:00
249 changed files with 1610 additions and 2693 deletions
Expand all files Collapse all files

178
.gitea/workflows/render-manifests-automerge.yaml
View File

@@ -46,16 +46,6 @@ jobs:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
id: prepare-manifest-branch id: prepare-manifest-branch
run: | run: |
@@ -63,12 +53,10 @@ jobs:
BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)" BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)"
echo ""
echo ">> Configure git to use gitea-bot as user ..." echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot" git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Creating branch ..." echo ">> Creating branch ..."
git checkout -b $BRANCH_NAME git checkout -b $BRANCH_NAME
@@ -79,31 +67,38 @@ jobs:
- name: Check which Directories have Changes - name: Check which Directories have Changes
id: check-dir-changes id: check-dir-changes
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
RENDER_DIR=()
echo ""
echo ">> Checking for changes from HEAD^..HEAD ..." echo ">> Checking for changes from HEAD^..HEAD ..."
GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
# Extract the chart names from the git diff if [ -n "${GIT_DIFF}" ]; then
RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true) echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:" echo ">> Directories to Render:"
echo "${RENDER_DIR}" echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT" echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> "$GITEA_OUTPUT" echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT" echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> "$GITEA_OUTPUT" echo "EOF" >> $GITEA_OUTPUT
else else
echo "" echo "changes-detected=false" >> $GITEA_OUTPUT
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi fi
- name: Add Repositories - name: Add Repositories
@@ -111,31 +106,25 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
echo ""
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \ helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail -n +2 \ | tail +2 | head -n -1 \
| awk 'NF > 0 { print $1, $3 }' \ | awk '{ print "helm repo add " $1 " " $3 }' \
| while read -r REPO_NAME REPO_URL; do | while read cmd; do
if [[ "${REPO_URL}" == oci://* ]]; then if [[ "$cmd" == "*oci://*" ]]; then
echo "" echo ">> Ignoring OCI repo"
echo ">> Ignoring OCI repo: ${REPO_URL}" else
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo "----" echo "----"
@@ -145,16 +134,15 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Remove manfiest files and rebuild from source ..." echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR} chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "${CHART_PATH}" echo "$chart_path"
rm -rf ${CHART_PATH}/* rm -rf $chart_path/*
done done
echo "----" echo "----"
@@ -167,57 +155,60 @@ jobs:
run: | run: |
cd ${MAIN_DIR} cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..." echo ">> Rendering Manifests ..."
render_chart() { for dir in ${RENDER_DIR}; do
local DIR="$1" chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" chart_name=$(basename "$chart_path")
local CHART_NAME=$(basename "${CHART_PATH}")
echo "" echo ""
echo ">> Rendering ..." echo ""
echo ">> Chart: ${CHART_NAME}" echo ">> Rendering chart: $chart_name"
echo ">> Path: ${CHART_PATH}" echo ">> Chart path $chart_path"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/" OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p "${OUTPUT_FOLDER}" mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd "${CHART_PATH}"
cd $chart_path
echo "" echo ""
echo ">> Updating helm dependencies ..." echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh > /dev/null helm dependency update --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ..." echo ">> Building helm dependency ..."
helm lint --namespace "${CHART_NAME}" --quiet helm dependency build --skip-refresh
local NAMESPACE="${CHART_NAME}" echo ""
case "${CHART_NAME}" in echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack") "stack")
NAMESPACE="argocd"
echo "" echo ""
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
NAMESPACE="kube-system"
echo "" echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac esac
echo "" echo ""
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
@@ -225,23 +216,15 @@ jobs:
done done
echo "" echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:" echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER ls $OUTPUT_FOLDER
echo "" echo ""
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo "" echo ""
fi fi
} done
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----" echo "----"
@@ -249,18 +232,16 @@ jobs:
id: check-changes id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain) GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then if [ -n "$GIT_CHANGES" ]; then
echo ""
echo ">> Changes detected" echo ">> Changes detected"
git status --porcelain git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
else else
echo ""
echo ">> No changes detected, skipping PR creation" echo ">> No changes detected, skipping PR creation"
fi fi
@@ -273,22 +254,19 @@ jobs:
env: env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }} BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..." echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add . git add .
git commit -m "chore: Update manifests after automerge" git commit -m "chore: Update manifests after automerge"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}" REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo "" echo ">> Pushing changes to $REPO_URL ..."
echo ">> Pushing changes to ${REPO_URL} ..." git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----" echo "----"
echo "push=true" >> "$GITEA_OUTPUT" echo "push=true" >> $GITEA_OUTPUT
- name: Create Pull Request - name: Create Pull Request
id: create-pull-request id: create-pull-request

188
.gitea/workflows/render-manifests-dispatch.yaml
View File

@@ -2,7 +2,7 @@ name: render-manifests-dispatch
on: on:
schedule: schedule:
- cron: '0 15 * * *' - cron: '0 3 * * *'
workflow_dispatch: workflow_dispatch:
@@ -43,39 +43,24 @@ jobs:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Configure git to use gitea-bot as user ..." echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot" git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Checking if PR branch exists ..." echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..." echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}" git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}" git checkout "${BRANCH_NAME}"
git pull --rebase git pull --rebase
else else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..." echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}" git checkout -b $BRANCH_NAME
fi fi
echo "----" echo "----"
@@ -83,29 +68,25 @@ jobs:
- name: Check which Directories have Changes - name: Check which Directories have Changes
id: check-dir-changes id: check-dir-changes
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
RENDER_DIR=()
echo ""
echo ">> Triggered on dispatch, will check all paths ..." echo ">> Triggered on dispatch, will check all paths ..."
RENDER_DIR+=$(ls clusters/cl01tl/helm/)
# Extract names of charts
RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
if [ -n "${RENDER_DIR}" ]; then if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:" echo ">> Directories to Render:"
echo "${RENDER_DIR}" echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT" echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> "$GITEA_OUTPUT" echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT" echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> "$GITEA_OUTPUT" echo "EOF" >> $GITEA_OUTPUT
else else
echo ">> No directories found" echo "changes-detected=false" >> $GITEA_OUTPUT
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi fi
- name: Add Repositories - name: Add Repositories
@@ -113,54 +94,29 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
echo ""
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \ helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail -n +2 \ | tail +2 | head -n -1 \
| awk 'NF > 0 { print $1, $3 }' \ | awk '{ print "helm repo add " $1 " " $3 }' \
| while read -r REPO_NAME REPO_URL; do | while read cmd; do
if [[ "${REPO_URL}" == oci://* ]]; then if [[ "$cmd" == "*oci://*" ]]; then
echo "" echo ">> Ignoring OCI repo"
echo ">> Ignoring OCI repo: ${REPO_URL}" else
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo "----" echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
echo "${CHART_PATH}"
rm -rf ${CHART_PATH}/*
done
echo "----"
- name: Render Helm Manifests - name: Render Helm Manifests
id: render-manifests id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
@@ -169,57 +125,60 @@ jobs:
run: | run: |
cd ${MAIN_DIR} cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..." echo ">> Rendering Manifests ..."
render_chart() { for dir in ${RENDER_DIR}; do
local DIR="$1" chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" chart_name=$(basename "$chart_path")
local CHART_NAME=$(basename "${CHART_PATH}")
echo "" echo ""
echo ">> Rendering ..." echo ""
echo ">> Chart: ${CHART_NAME}" echo ">> Rendering chart: $chart_name"
echo ">> Path: ${CHART_PATH}" echo ">> Chart path $chart_path"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/" OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p "${OUTPUT_FOLDER}" mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd "${CHART_PATH}"
cd $chart_path
echo "" echo ""
echo ">> Updating helm dependencies ..." echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh > /dev/null helm dependency update --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ..." echo ">> Building helm dependency ..."
helm lint --namespace "${CHART_NAME}" --quiet helm dependency build --skip-refresh
local NAMESPACE="${CHART_NAME}" echo ""
case "${CHART_NAME}" in echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack") "stack")
NAMESPACE="argocd"
echo "" echo ""
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
NAMESPACE="kube-system"
echo "" echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac esac
echo "" echo ""
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
@@ -227,23 +186,15 @@ jobs:
done done
echo "" echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:" echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER ls $OUTPUT_FOLDER
echo "" echo ""
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo "" echo ""
fi fi
} done
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----" echo "----"
@@ -251,18 +202,16 @@ jobs:
id: check-changes id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain) GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then if [ -n "$GIT_CHANGES" ]; then
echo ""
echo ">> Changes detected" echo ">> Changes detected"
git status --porcelain git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
else else
echo ""
echo ">> No changes detected, skipping PR creation" echo ">> No changes detected, skipping PR creation"
fi fi
@@ -273,23 +222,20 @@ jobs:
id: commit-push id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true' if: steps.check-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..." echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add . git add .
git commit -m "chore: Update manifests after change" git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}" REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo "" echo ">> Pushing changes to $REPO_URL ..."
echo ">> Pushing changes to ${REPO_URL} ..." git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----" echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT" echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> "$GITEA_OUTPUT" echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request - name: Check for Pull Request
id: check-for-pull-requst id: check-for-pull-requst

189
.gitea/workflows/render-manifests-merge.yaml
View File

@@ -47,39 +47,24 @@ jobs:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Configure git to use gitea-bot as user ..." echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot" git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Checking if PR branch exists ..." echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..." echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}" git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}" git checkout "${BRANCH_NAME}"
git pull --rebase git pull --rebase
else else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..." echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}" git checkout -b $BRANCH_NAME
fi fi
echo "----" echo "----"
@@ -87,31 +72,38 @@ jobs:
- name: Check which Directories have Changes - name: Check which Directories have Changes
id: check-dir-changes id: check-dir-changes
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
RENDER_DIR=()
echo ""
echo ">> Checking for changes from HEAD^..HEAD ..." echo ">> Checking for changes from HEAD^..HEAD ..."
GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
# Extract the chart names from the git diff if [ -n "${GIT_DIFF}" ]; then
RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true) echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:" echo ">> Directories to Render:"
echo "${RENDER_DIR}" echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT" echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> "$GITEA_OUTPUT" echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT" echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> "$GITEA_OUTPUT" echo "EOF" >> $GITEA_OUTPUT
else else
echo "" echo "changes-detected=false" >> $GITEA_OUTPUT
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi fi
- name: Add Repositories - name: Add Repositories
@@ -119,31 +111,25 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
echo ""
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \ helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail -n +2 \ | tail +2 | head -n -1 \
| awk 'NF > 0 { print $1, $3 }' \ | awk '{ print "helm repo add " $1 " " $3 }' \
| while read -r REPO_NAME REPO_URL; do | while read cmd; do
if [[ "${REPO_URL}" == oci://* ]]; then if [[ "$cmd" == "*oci://*" ]]; then
echo "" echo ">> Ignoring OCI repo"
echo ">> Ignoring OCI repo: ${REPO_URL}" else
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo "----" echo "----"
@@ -153,16 +139,15 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Remove manfiest files and rebuild from source ..." echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR} chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "${CHART_PATH}" echo "$chart_path"
rm -rf ${CHART_PATH}/* rm -rf $chart_path/*
done done
echo "----" echo "----"
@@ -175,57 +160,60 @@ jobs:
run: | run: |
cd ${MAIN_DIR} cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..." echo ">> Rendering Manifests ..."
render_chart() { for dir in ${RENDER_DIR}; do
local DIR="$1" chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" chart_name=$(basename "$chart_path")
local CHART_NAME=$(basename "${CHART_PATH}")
echo "" echo ""
echo ">> Rendering ..." echo ""
echo ">> Chart: ${CHART_NAME}" echo ">> Rendering chart: $chart_name"
echo ">> Path: ${CHART_PATH}" echo ">> Chart path $chart_path"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/" OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p "${OUTPUT_FOLDER}" mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd "${CHART_PATH}"
cd $chart_path
echo "" echo ""
echo ">> Updating helm dependencies ..." echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh > /dev/null helm dependency update --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ..." echo ">> Building helm dependency ..."
helm lint --namespace "${CHART_NAME}" --quiet helm dependency build --skip-refresh
local NAMESPACE="${CHART_NAME}" echo ""
case "${CHART_NAME}" in echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack") "stack")
NAMESPACE="argocd"
echo "" echo ""
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
NAMESPACE="kube-system"
echo "" echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac esac
echo "" echo ""
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
@@ -233,23 +221,15 @@ jobs:
done done
echo "" echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:" echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER ls $OUTPUT_FOLDER
echo "" echo ""
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo "" echo ""
fi fi
} done
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----" echo "----"
@@ -257,18 +237,16 @@ jobs:
id: check-changes id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain) GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then if [ -n "$GIT_CHANGES" ]; then
echo ""
echo ">> Changes detected" echo ">> Changes detected"
git status --porcelain git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
else else
echo ""
echo ">> No changes detected, skipping PR creation" echo ">> No changes detected, skipping PR creation"
fi fi
@@ -279,23 +257,20 @@ jobs:
id: commit-push id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true' if: steps.check-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..." echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add . git add .
git commit -m "chore: Update manifests after change" git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}" REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo "" echo ">> Pushing changes to $REPO_URL ..."
echo ">> Pushing changes to ${REPO_URL} ..." git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----" echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT" echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> "$GITEA_OUTPUT" echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request - name: Check for Pull Request
id: check-for-pull-requst id: check-for-pull-requst

189
.gitea/workflows/render-manifests-push.yaml
View File

@@ -45,38 +45,24 @@ jobs:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Configure git to use gitea-bot as user ..." echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot" git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
echo ">> Checking if PR branch exists ..." echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..." echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}" git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}" git checkout "${BRANCH_NAME}"
git pull --rebase git pull --rebase
else else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..." echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}" git checkout -b $BRANCH_NAME
fi fi
echo "----" echo "----"
@@ -84,31 +70,38 @@ jobs:
- name: Check which Directories have Changes - name: Check which Directories have Changes
id: check-dir-changes id: check-dir-changes
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
RENDER_DIR=()
echo ""
echo ">> Checking for changes ..." echo ">> Checking for changes ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
# Extract the chart names from the git diff if [ -n "${GIT_DIFF}" ]; then
RENDER_DIR=$(git diff --name-only ${{ gitea.event.before }}..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true) echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:" echo ">> Directories to Render:"
echo "${RENDER_DIR}" echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT" echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> "$GITEA_OUTPUT" echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT" echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> "$GITEA_OUTPUT" echo "EOF" >> $GITEA_OUTPUT
else else
echo "" echo "changes-detected=false" >> $GITEA_OUTPUT
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi fi
- name: Add Repositories - name: Add Repositories
@@ -116,31 +109,25 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
echo ""
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \ helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail -n +2 \ | tail +2 | head -n -1 \
| awk 'NF > 0 { print $1, $3 }' \ | awk '{ print "helm repo add " $1 " " $3 }' \
| while read -r REPO_NAME REPO_URL; do | while read cmd; do
if [[ "${REPO_URL}" == oci://* ]]; then if [[ "$cmd" == "*oci://*" ]]; then
echo "" echo ">> Ignoring OCI repo"
echo ">> Ignoring OCI repo: ${REPO_URL}" else
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo "----" echo "----"
@@ -150,17 +137,15 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Remove manfiest files and rebuild from source ..." echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR} chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "" echo "$chart_path"
echo "${CHART_PATH}" rm -rf $chart_path/*
rm -rf ${CHART_PATH}/*
done done
echo "----" echo "----"
@@ -173,57 +158,60 @@ jobs:
run: | run: |
cd ${MAIN_DIR} cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..." echo ">> Rendering Manifests ..."
render_chart() { for dir in ${RENDER_DIR}; do
local DIR="$1" chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" chart_name=$(basename "$chart_path")
local CHART_NAME=$(basename "${CHART_PATH}")
echo "" echo ""
echo ">> Rendering ..." echo ""
echo ">> Chart: ${CHART_NAME}" echo ">> Rendering chart: $chart_name"
echo ">> Path: ${CHART_PATH}" echo ">> Chart path $chart_path"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/" OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p "${OUTPUT_FOLDER}" mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd "${CHART_PATH}"
cd $chart_path
echo "" echo ""
echo ">> Updating helm dependencies ..." echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh > /dev/null helm dependency update --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ..." echo ">> Building helm dependency ..."
helm lint --namespace "${CHART_NAME}" --quiet helm dependency build --skip-refresh
local NAMESPACE="${CHART_NAME}" echo ""
case "${CHART_NAME}" in echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack") "stack")
NAMESPACE="argocd"
echo "" echo ""
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
NAMESPACE="kube-system"
echo "" echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac esac
echo "" echo ""
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
@@ -231,23 +219,15 @@ jobs:
done done
echo "" echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:" echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER ls $OUTPUT_FOLDER
echo "" echo ""
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo "" echo ""
fi fi
} done
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----" echo "----"
@@ -255,18 +235,16 @@ jobs:
id: check-changes id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain) GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then if [ -n "$GIT_CHANGES" ]; then
echo ""
echo ">> Changes detected" echo ">> Changes detected"
git status --porcelain git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
else else
echo ""
echo ">> No changes detected, skipping PR creation" echo ">> No changes detected, skipping PR creation"
fi fi
@@ -277,23 +255,20 @@ jobs:
id: commit-push id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true' if: steps.check-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..." echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add . git add .
git commit -m "chore: Update manifests after change" git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}" REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo "" echo ">> Pushing changes to $REPO_URL ..."
echo ">> Pushing changes to ${REPO_URL} ..." git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----" echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT" echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> "$GITEA_OUTPUT" echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request - name: Check for Pull Request
id: check-for-pull-requst id: check-for-pull-requst

6
clusters/cl01tl/helm/actual/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f digest: sha256:ff3e2f03e93cdd4593e28b9c8bd5b9ddb25548a20a070b2e202057f216207d03
generated: "2026-03-06T01:04:41.514235218Z" generated: "2026-01-16T18:44:37.399172263Z"

2
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -19,7 +19,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual # renovate: datasource=github-releases depName=actualbudget/actual

5
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -81,8 +81,7 @@ volsync-target-data:
enabled: true enabled: true
schedule: 0 8 * * * schedule: 0 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 0 9 * * *
external: external:
enabled: true enabled: true
schedule: 0 10 * * * schedule: 0 9 * * *

8
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 1.0.2 version: 0.47.4
- name: argo-events - name: argo-events
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 2.4.20 version: 2.4.20
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
digest: sha256:31596af063744c13afac459184cd027d922d927f4191446eef63646bada28f8f digest: sha256:772ba83a6e0fa6a7e3633ff1fff0f8221b45a1f36ec890489cfa383330d99f81
generated: "2026-03-14T21:07:58.491981-05:00" generated: "2026-02-27T18:14:32.22595048Z"

6
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -18,15 +18,15 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
version: 1.0.2 version: 0.47.4
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: argo-events - name: argo-events
version: 2.4.20 version: 2.4.20
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows # renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.2 appVersion: v4.0.1

12
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -1,14 +1,4 @@
argo-workflows: argo-workflows:
crds:
install: true
keep: true
# -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
# Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.2
controller: controller:
metricsConfig: metricsConfig:
enabled: true enabled: true
@@ -115,7 +105,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.4.10 version: 9.4.7
digest: sha256:795aad956acef3f5efb8160390caf9b9792b7b4150d3a7984f1c5edbad92dfaa digest: sha256:9fc78ed4a6a55f65e3250e687caf67ad09e852eb7b01313e372127e75f451a79
generated: "2026-03-10T18:58:35.720448421Z" generated: "2026-03-03T20:05:52.081769174Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.4.10 version: 9.4.7
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.3 appVersion: v3.3.2

8
clusters/cl01tl/helm/audiobookshelf/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:7ee4cfdf7f908401c39b3cda0cf8783b25dcb9cf93e7c911609bab9e303ec5bf digest: sha256:c8a988258b26187972a8b69767bf5df502d7e2b12710eb357ac15240d872fd37
generated: "2026-03-06T01:05:03.534042627Z" generated: "2026-01-16T18:44:48.982249243Z"

6
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -21,12 +21,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-metadata alias: volsync-target-metadata
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf # renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.0 appVersion: 2.32.1

44
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,52 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: audiobookshelf-books-nfs-storage name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: audiobookshelf-books-nfs-storage volumeName: audiobookshelf-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-audiobooks-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-podcasts-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

56
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: audiobookshelf-books-nfs-storage name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -15,57 +15,7 @@ spec:
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
nfs: nfs:
path: /volume2/Storage/Books path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Audiobooks
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Podcasts
server: synologybond.alexlebens.net server: synologybond.alexlebens.net
mountOptions: mountOptions:
- vers=4 - vers=4

32
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -9,7 +9,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.0 tag: 2.32.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -21,7 +21,7 @@ audiobookshelf:
apprise-api: apprise-api:
image: image:
repository: caronc/apprise repository: caronc/apprise
tag: v1.3.2 tag: v1.3.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -114,26 +114,12 @@ audiobookshelf:
main: main:
- path: /metadata - path: /metadata
readOnly: false readOnly: false
books:
existingClaim: audiobookshelf-books-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Books
readOnly: false
audiobooks: audiobooks:
existingClaim: audiobookshelf-audiobooks-nfs-storage existingClaim: audiobookshelf-nfs-storage
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /mnt/store/Audiobooks - path: /mnt/store/
readOnly: false
podcasts:
existingClaim: audiobookshelf-podcasts-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Podcasts
readOnly: false readOnly: false
volsync-target-config: volsync-target-config:
pvcTarget: audiobookshelf-config pvcTarget: audiobookshelf-config
@@ -141,19 +127,17 @@ volsync-target-config:
enabled: true enabled: true
schedule: 2 8 * * * schedule: 2 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 2 9 * * *
external: external:
enabled: true enabled: true
schedule: 2 10 * * * schedule: 2 9 * * *
volsync-target-metadata: volsync-target-metadata:
pvcTarget: audiobookshelf-metadata pvcTarget: audiobookshelf-metadata
local: local:
enabled: true enabled: true
schedule: 4 8 * * * schedule: 4 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 4 9 * * *
external: external:
enabled: true enabled: true
schedule: 4 10 * * * schedule: 4 9 * * *

12
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 2026.2.1 version: 2026.2.1
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 1.1.0
digest: sha256:abb34b7bb54393236e695453aa1940497cb4def3d3a56a45ca004a22f8e05648 digest: sha256:ee8c360d746800a6f3f41f64fd2f116224b305d8bcb8660ed2687c7987e59c37
generated: "2026-03-11T22:55:49.936164674Z" generated: "2026-03-04T00:37:25.727534823Z"

9
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -25,14 +25,13 @@ dependencies:
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: redis-replication
alias: valkey version: 1.1.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik # renovate: datasource=github-releases depName=goauthentik/authentik

15
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -28,7 +28,7 @@ authentik:
key: password key: password
authentik: authentik:
redis: redis:
host: authentik-valkey host: redis-replication-authentik-master
server: server:
name: server name: server
replicas: 1 replicas: 1
@@ -68,7 +68,7 @@ postgres-18-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
index: 2 index: 1
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
@@ -91,9 +91,9 @@ postgres-18-cluster:
# isWALArchiver: false # isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: true
immediate: true immediate: true
schedule: "0 5 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -105,3 +105,10 @@ postgres-18-cluster:
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
sentinel:
enabled: true

8
clusters/cl01tl/helm/backrest/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:f203538010828e77336f3cf39451a1072c90aeb8ece7c173a3476c49883b46d1 digest: sha256:18365b7dd3995703aad6928ce22dd1c3b8ffd5f1cccf54b8f1489ad111d13104
generated: "2026-03-06T01:05:24.935421139Z" generated: "2026-01-16T18:45:00.087995513Z"

6
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -19,12 +19,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
# renovate: datasource=github-releases depName=garethgeorge/backrest # renovate: datasource=github-releases depName=garethgeorge/backrest
appVersion: v1.12.1 appVersion: v1.12.0

12
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -8,7 +8,7 @@ backrest:
main: main:
image: image:
repository: garethgeorge/backrest repository: garethgeorge/backrest
tag: v1.12.1 tag: v1.12.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -111,19 +111,17 @@ volsync-target-data:
enabled: true enabled: true
schedule: 6 8 * * * schedule: 6 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 6 9 * * *
external: external:
enabled: true enabled: true
schedule: 6 10 * * * schedule: 6 9 * * *
volsync-target-config: volsync-target-config:
pvcTarget: backrest-config pvcTarget: backrest-config
local: local:
enabled: true enabled: true
schedule: 8 8 * * * schedule: 8 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 8 9 * * *
external: external:
enabled: true enabled: true
schedule: 8 10 * * * schedule: 8 9 * * *

6
clusters/cl01tl/helm/bazarr/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:ce88e4cd451613c9dbc25d285700970789ff678452ef277f3c8465dbf6157f1f digest: sha256:77d0e82601292b4173d355d18c0de82bb37684a3dc29d7c8af4169308f14de48
generated: "2026-03-06T01:05:44.405374459Z" generated: "2026-01-16T18:45:10.855338471Z"

2
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=morpheus65535/bazarr # renovate: datasource=github-releases depName=morpheus65535/bazarr

7
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa tag: 1.5.6@sha256:94eee5e3e14430b7b144d4556be73963a7daf6f1bddc25586627f426465482ce
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -87,8 +87,7 @@ volsync-target-config:
enabled: true enabled: true
schedule: 10 8 * * * schedule: 10 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 10 9 * * *
external: external:
enabled: true enabled: true
schedule: 10 10 * * * schedule: 10 9 * * *

8
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -2,8 +2,8 @@ dependencies:
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: valkey - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 1.1.0
digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859 digest: sha256:27a4d0d6fc6622d47686fbf1dcae41c5f7e72157b0fa35abb11b375ab91f949f
generated: "2026-03-09T23:06:16.853255429Z" generated: "2026-03-04T00:37:53.921436029Z"

5
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -17,9 +17,8 @@ dependencies:
alias: blocky alias: blocky
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: valkey - name: redis-replication
alias: valkey version: 1.1.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky # renovate: datasource=github-releases depName=0xerr0r/blocky

12
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -135,7 +135,6 @@ blocky:
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl ntfy IN CNAME traefik-cl01tl
@@ -193,42 +192,36 @@ blocky:
*.alexlebens.dev *.alexlebens.dev
*.boreal-beaufort.ts.net *.boreal-beaufort.ts.net
*.discord.com *.discord.com
cdn.trackjs.com
ads: ads:
- | - |
*.alexlebens.net *.alexlebens.net
*.alexlebens.dev *.alexlebens.dev
*.boreal-beaufort.ts.net *.boreal-beaufort.ts.net
*.discord.com *.discord.com
cdn.trackjs.com
priv: priv:
- | - |
*.alexlebens.net *.alexlebens.net
*.alexlebens.dev *.alexlebens.dev
*.boreal-beaufort.ts.net *.boreal-beaufort.ts.net
*.discord.com *.discord.com
cdn.trackjs.com
mal: mal:
- | - |
*.alexlebens.net *.alexlebens.net
*.alexlebens.dev *.alexlebens.dev
*.boreal-beaufort.ts.net *.boreal-beaufort.ts.net
*.discord.com *.discord.com
cdn.trackjs.com
pro: pro:
- | - |
*.alexlebens.net *.alexlebens.net
*.alexlebens.dev *.alexlebens.dev
*.boreal-beaufort.ts.net *.boreal-beaufort.ts.net
*.discord.com *.discord.com
cdn.trackjs.com
oisd: oisd:
- | - |
*.alexlebens.net *.alexlebens.net
*.alexlebens.dev *.alexlebens.dev
*.boreal-beaufort.ts.net *.boreal-beaufort.ts.net
*.discord.com *.discord.com
cdn.trackjs.com
clientGroupsBlock: clientGroupsBlock:
default: default:
- sus - sus
@@ -260,7 +253,7 @@ blocky:
cacheTimeNegative: 30m cacheTimeNegative: 30m
redis: redis:
address: blocky-valkey.blocky:6379 address: redis-replication-blocky-master.blocky:6379
required: true required: true
prometheus: prometheus:
@@ -333,3 +326,6 @@ blocky:
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: config.yml subPath: config.yml
redis-replication:
redisReplication:
clusterSize: 1

10
clusters/cl01tl/helm/booklore/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: mariadb-cluster - name: mariadb-cluster
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
version: 26.3.0 version: 25.10.4
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5 digest: sha256:81601af110374e1571481873ace19f7bc694edb917ef35c1fbc623efe147a66d
generated: "2026-03-14T23:57:22.721295098Z" generated: "2026-01-16T18:45:33.641059484Z"

8
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -18,16 +18,16 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: mariadb-cluster - name: mariadb-cluster
version: 26.3.0 version: 25.10.4
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore # renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.2.1 appVersion: v2.0.5

15
clusters/cl01tl/helm/booklore/templates/replication-destination.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: booklore-data-replication-destination
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-destination
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
rsyncTLS:
copyMethod: Direct
accessModes: ["ReadWriteMany"]
destinationPVC: booklore-books-nfs-storage
keySecret: booklore-data-replication-secret

17
clusters/cl01tl/helm/booklore/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-replication-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: "0 0 * * *"
rsyncTLS:
keySecret: booklore-data-replication-secret
address: volsync-rsync-tls-dst-booklore-data-replication-destination
copyMethod: Snapshot

15
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,15 +9,11 @@ booklore:
main: main:
image: image:
repository: ghcr.io/booklore-app/booklore repository: ghcr.io/booklore-app/booklore
tag: v2.2.1 tag: v2.0.5
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
- name: USER_ID
value: 1000
- name: GROUP_ID
value: 1000
- name: DATABASE_URL - name: DATABASE_URL
value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
- name: DATABASE_USERNAME - name: DATABASE_USERNAME
@@ -225,11 +221,10 @@ volsync-target-config:
enabled: true enabled: true
schedule: 12 8 * * * schedule: 12 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 12 9 * * *
external: external:
enabled: true enabled: true
schedule: 12 10 * * * schedule: 12 9 * * *
volsync-target-data: volsync-target-data:
pvcTarget: booklore-data pvcTarget: booklore-data
local: local:
@@ -239,11 +234,11 @@ volsync-target-data:
cacheCapacity: 10Gi cacheCapacity: 10Gi
remote: remote:
enabled: true enabled: true
schedule: 14 9 * * * schedule: 14 10 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
external: external:
enabled: true enabled: true
schedule: 14 10 * * * schedule: 14 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cert-manager - name: cert-manager
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
version: v1.20.0 version: v1.19.4
digest: sha256:1543bd17649cb32982de3cce017fcbed1b44c41d50b76c6471b266f33e261c29 digest: sha256:5c4a0a0568677bfcf4529e6ec6a005957cd1820fd5f1d1f108e74370d409fe88
generated: "2026-03-10T16:06:49.332999536Z" generated: "2026-02-24T19:30:44.415585645Z"

4
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cert-manager - name: cert-manager
version: v1.20.0 version: v1.19.4
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager # renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.0 appVersion: v1.19.4

8
clusters/cl01tl/helm/code-server/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6 digest: sha256:a170a0695881a7eed9bc2b0fc8b7f7bce18919e9bea0c5342a35e5a1a5ffa406
generated: "2026-03-09T22:04:00.58415637Z" generated: "2026-02-07T00:36:52.387080745Z"

4
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -22,10 +22,10 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=linuxserver/docker-code-server # renovate: datasource=github-releases depName=linuxserver/docker-code-server

7
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272 tag: 4.109.5@sha256:aa43fb2fc31127e9d2166e903c7f13792351e38658ba29645662a89ff04ff90d
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -79,8 +79,7 @@ volsync-target-config:
enabled: true enabled: true
schedule: 16 8 * * * schedule: 16 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 16 9 * * *
external: external:
enabled: true enabled: true
schedule: 16 10 * * * schedule: 16 9 * * *

4
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -7,7 +7,7 @@ keywords:
- dns - dns
- network - network
- kubernetes - kubernetes
home: https://wiki.alexlebens.dev/s/ home: https://wiki.alexlebens.dev/s/43947ec6-a034-449f-8c76-982ac493b072
sources: sources:
- https://github.com/coredns/coredns - https://github.com/coredns/coredns
- https://github.com/coredns/helm - https://github.com/coredns/helm
@@ -19,4 +19,4 @@ dependencies:
repository: https://coredns.github.io/helm repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns # renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2 appVersion: v1.14.1

2
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,7 +1,7 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: registry.k8s.io/coredns/coredns
tag: v1.14.2 tag: v1.14.1
replicaCount: 3 replicaCount: 3
resources: resources:
requests: requests:

8
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.2.0
digest: sha256:9524709cf393c01f28b0d073ef6870a2f1afd46f3bc5f564e73c55450aba8dd0 digest: sha256:2682dcbc71417a103cf4c1ed920caac5b14272b021dc579fb8a3cf2fedfa0490
generated: "2026-03-11T22:56:11.749729235Z" generated: "2026-03-03T16:10:42.029406-06:00"

6
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -18,12 +18,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.4.0 version: 0.2.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.3.3 appVersion: 1.3.1

6
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -9,7 +9,7 @@ dawarich:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.3.3 tag: 1.3.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"] command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"] args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.3.3 tag: 1.3.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"] command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"] args: ["sidekiq"]
@@ -330,7 +330,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

6
clusters/cl01tl/helm/descheduler/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: descheduler - name: descheduler
repository: https://kubernetes-sigs.github.io/descheduler/ repository: https://kubernetes-sigs.github.io/descheduler/
version: 0.35.1 version: 0.35.0
digest: sha256:ed7cc8068b83ac483fda3a781227b35e12a34abdca214b5490e7036c89db1a95 digest: sha256:afa0e5fe35f9287db619de604c82a22c3ab90dfcaa3a845ff30491e47c7a5846
generated: "2026-03-09T21:21:45.788316167Z" generated: "2026-02-19T23:03:22.794515683Z"

4
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: descheduler - name: descheduler
version: 0.35.1 version: 0.35.0
repository: https://kubernetes-sigs.github.io/descheduler/ repository: https://kubernetes-sigs.github.io/descheduler/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=kubernetes-sigs/descheduler # renovate: datasource=github-releases depName=kubernetes-sigs/descheduler
appVersion: v0.35.1 appVersion: v0.35.0

10
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 1.1.0
digest: sha256:0b50b4938669a7210930d6ee86a9602611b54cd13774f3386dbad04b4771e7f4 digest: sha256:081224a2297891ecb7e7306d7da895a6e7988e9a28e7244f310231f60dd9f6c8
generated: "2026-03-11T22:56:26.818980186Z" generated: "2026-03-04T00:38:19.7054203Z"

9
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -23,12 +23,11 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: redis-replication
alias: valkey version: 1.1.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus # renovate: datasource=github-releases depName=directus/directus
appVersion: 11.16.1 appVersion: 11.16.0

52
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -98,10 +98,10 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: directus-bucket-garage name: directus-redis-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-bucket-garage app.kubernetes.io/name: directus-redis-config
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -109,61 +109,17 @@ spec:
kind: ClusterSecretStore kind: ClusterSecretStore
name: vault name: vault
data: data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: default
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password
- secretKey: user - secretKey: user
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/redis
metadataPolicy: None metadataPolicy: None
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
conversionStrategy: Default conversionStrategy: Default
decodingStrategy: None decodingStrategy: None
key: /cl01tl/directus/valkey key: /cl01tl/directus/redis
metadataPolicy: None metadataPolicy: None
property: password property: password

11
clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-directus
labels:
app.kubernetes.io/name: ceph-bucket-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-directus
storageClassName: ceph-bucket

49
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -9,7 +9,7 @@ directus:
main: main:
image: image:
repository: directus/directus repository: directus/directus
tag: 11.16.1 tag: 11.16.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
@@ -72,16 +72,16 @@ directus:
- name: REDIS_ENABLED - name: REDIS_ENABLED
value: true value: true
- name: REDIS_HOST - name: REDIS_HOST
value: directus-valkey value: redis-replication-directus-master
- name: REDIS_USERNAME - name: REDIS_USERNAME
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-valkey-config name: directus-redis-config
key: user key: user
- name: REDIS_PASSWORD - name: REDIS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-valkey-config name: directus-redis-config
key: password key: password
- name: STORAGE_LOCATIONS - name: STORAGE_LOCATIONS
value: s3 value: s3
@@ -90,22 +90,22 @@ directus:
- name: STORAGE_S3_KEY - name: STORAGE_S3_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-bucket-garage name: ceph-bucket-directus
key: ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: STORAGE_S3_SECRET - name: STORAGE_S3_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-bucket-garage name: ceph-bucket-directus
key: ACCESS_SECRET_KEY key: AWS_SECRET_ACCESS_KEY
- name: STORAGE_S3_REGION
valueFrom:
secretKeyRef:
name: directus-bucket-garage
key: ACCESS_REGION
- name: STORAGE_S3_BUCKET - name: STORAGE_S3_BUCKET
value: directus-assets valueFrom:
configMapKeyRef:
name: ceph-bucket-directus
key: BUCKET_NAME
- name: STORAGE_S3_REGION
value: us-east-1
- name: STORAGE_S3_ENDPOINT - name: STORAGE_S3_ENDPOINT
value: http://garage-main.garage:3900 value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: STORAGE_S3_FORCE_PATH_STYLE - name: STORAGE_S3_FORCE_PATH_STYLE
value: true value: true
- name: AUTH_PROVIDERS - name: AUTH_PROVIDERS
@@ -219,7 +219,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 15 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -231,13 +231,12 @@ postgres-18-cluster:
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
valkey: redis-replication:
valkey: existingSecret:
auth: enabled: true
name: directus-redis-config
key: password
redisReplication:
clusterSize: 3
sentinel:
enabled: true enabled: true
usersExistingSecret: directus-valkey-config
aclUsers:
default:
permissions: "~* &* +@all"
metrics:
enabled: false

8
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.32 version: 1.4.31
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934 digest: sha256:7447f3828246d85acd5a2a75b6d086d8fbe29ee90ad61b96dd25de8dcfefbc4e
generated: "2026-03-11T16:04:17.556777286Z" generated: "2026-03-03T18:08:31.901975101Z"

6
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.32 version: 1.4.31
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web # renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.12 appVersion: v1.12.11

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: vectorim/element-web repository: vectorim/element-web
tag: v1.12.12 tag: v1.12.11
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: external-secrets - name: external-secrets
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
version: 2.1.0 version: 2.0.1
digest: sha256:b19563d51f1922403185979c6c442531a7bb13d302e8438b5a18d450259b7245 digest: sha256:f47905e03f649c28d29f7a381799fb2df1f0a7bf122af174aeba47ba94f34847
generated: "2026-03-07T18:02:23.908145348Z" generated: "2026-02-20T19:29:28.137671934Z"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,8 +12,8 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies: dependencies:
- name: external-secrets - name: external-secrets
version: 2.1.0 version: 2.0.1
repository: https://charts.external-secrets.io repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4 icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets # renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.1.0 appVersion: v2.0.1

10
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:a3703e245881145524304af8a03c89d309c602479be3f7f8953c2fba120bf341 digest: sha256:e99b942b1c28deb0c120f5dec6d8a0dae8cb9714109c40cf08054af1467bc56f
generated: "2026-03-11T22:56:41.856429843Z" generated: "2026-02-27T18:15:22.681368568Z"

6
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -23,14 +23,14 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
# renovate: datasource=github-releases depName=FreshRSS/FreshRSS # renovate: datasource=github-releases depName=FreshRSS/FreshRSS

9
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -197,7 +197,7 @@ postgres-18-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
index: 2 index: 1
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
@@ -222,7 +222,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 20 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -250,8 +250,7 @@ volsync-target-data:
enabled: true enabled: true
schedule: 18 8 * * * schedule: 18 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 18 9 * * *
external: external:
enabled: true enabled: true
schedule: 18 10 * * * schedule: 18 9 * * *

32
clusters/cl01tl/helm/garage/templates/service.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: garage-main
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-main
app.kubernetes.io/service: garage-main
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
ports:
- name: admin
port: 3903
protocol: TCP
targetPort: 3903
- name: rpc
port: 3901
protocol: TCP
targetPort: 3901
- name: s3
port: 3900
protocol: TCP
targetPort: 3900
- name: web
port: 3902
protocol: TCP
targetPort: 3902
selector:
app.kubernetes.io/instance: garage
app.kubernetes.io/name: garage
garage-type: server

28
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -118,9 +118,9 @@ garage:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: API_BASE_URL - name: API_BASE_URL
value: http://garage-main.garage:3903 value: http://garage-1.garage:3903
- name: S3_ENDPOINT_URL - name: S3_ENDPOINT_URL
value: http://garage-main.garage:3900 value: http://garage-1.garage:3900
- name: API_ADMIN_KEY - name: API_ADMIN_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -225,6 +225,26 @@ garage:
api_bind_addr = "[::]:3903" api_bind_addr = "[::]:3903"
metrics_require_token = true metrics_require_token = true
service: service:
garage-main:
forceRename: garage-main
controller: server-2
ports:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol : HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-1: server-1:
forceRename: garage-1 forceRename: garage-1
controller: server-1 controller: server-1
@@ -302,8 +322,8 @@ garage:
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints: endpoints:
- port: admin - port: admin
interval: 5m interval: 1m
scrapeTimeout: 2m scrapeTimeout: 30s
path: /metrics path: /metrics
bearerTokenSecret: bearerTokenSecret:
name: garage-token-secret name: garage-token-secret

8
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0 version: 1.5.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:2fe7c088e99a11e0c6dd09fe48bb1e292eb58e22d9f8ff681bb6c6790945d54e digest: sha256:d7790fe1459aecff41e33719556aa370a3b5c3b4ae7c414268665c63ad3952f3
generated: "2026-03-11T22:56:56.957400817Z" generated: "2026-02-27T18:15:37.998212393Z"

4
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -22,11 +22,11 @@ dependencies:
version: 1.5.0 version: 1.5.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
# renovate: datasource=github-releases depName=TwiN/gatus # renovate: datasource=github-releases depName=TwiN/gatus

12
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -137,9 +137,6 @@ gatus:
- name: yamtrack - name: yamtrack
url: https://yamtrack.alexlebens.net url: https://yamtrack.alexlebens.net
<<: *defaults <<: *defaults
- name: movie-roulette
url: https://movie-roulette.alexlebens.net
<<: *defaults
- name: jellyfin - name: jellyfin
url: https://jellyfin.alexlebens.net url: https://jellyfin.alexlebens.net
<<: *defaults <<: *defaults
@@ -430,7 +427,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 25 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -446,10 +443,9 @@ volsync-target-data:
pvcTarget: gatus pvcTarget: gatus
local: local:
enabled: true enabled: true
schedule: 20 8 * * * schedule: 22 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 20 9 * * *
external: external:
enabled: true enabled: true
schedule: 20 10 * * * schedule: 22 9 * * *

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.21 version: 0.20.20
digest: sha256:4f1359a01b8b85722ab1805426a86f3ea64d0134513ce14fe9c55f3f918a21fb digest: sha256:8841709955381394b6304b7c53345692517e419c197ddc59b66a505ae742ec04
generated: "2026-03-09T23:02:42.799515974Z" generated: "2026-03-03T03:03:20.457381608Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies: dependencies:
- name: generic-device-plugin - name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.21 version: 0.20.20
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0 appVersion: 1.0.0

20
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -7,21 +7,21 @@ dependencies:
version: 0.0.3 version: 0.0.3
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.27.0 version: 0.26.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 1.1.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: https://valkey.io/valkey-helm
version: 0.4.0 version: 0.9.3
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:8f243465537fe443e97a8813e23e95d3608a6a2898b93209d03cf43f4ca8cc5d digest: sha256:9d89745fb4c694706585f7bf6652a45307ad3e528f0f6bd0225ed44282567438
generated: "2026-03-11T22:57:17.026946319Z" generated: "2026-03-04T00:38:48.956491426Z"

20
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -33,27 +33,27 @@ dependencies:
repository: https://dl.gitea.com/charts/ repository: https://dl.gitea.com/charts/
version: 0.0.3 version: 0.0.3
- name: meilisearch - name: meilisearch
version: 0.27.0 version: 0.26.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: redis-replication
alias: valkey-gitea alias: redis-replication-gitea
version: 0.4.0 version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-renovate alias: valkey-renovate
version: 0.4.0 version: 0.9.3
repository: oci://harbor.alexlebens.net/helm-charts repository: https://valkey.io/valkey-helm
- name: volsync-target - name: volsync-target
alias: volsync-target-storage alias: volsync-target-storage
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea # renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5 appVersion: 1.25.4

52
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -4,7 +4,7 @@ gitea:
replicaCount: 3 replicaCount: 3
image: image:
repository: gitea/gitea repository: gitea/gitea
tag: 1.25.5 tag: 1.25.4
service: service:
http: http:
type: ClusterIP type: ClusterIP
@@ -70,13 +70,13 @@ gitea:
cache: cache:
ENABLED: true ENABLED: true
ADAPTER: redis ADAPTER: redis
HOST: redis://gitea-valkey.gitea:6379 HOST: redis://redis-replication-gitea-master.gitea:6379
queue: queue:
TYPE: redis TYPE: redis
CONN_STR: redis://gitea-valkey.gitea:6379 CONN_STR: redis://redis-replication-gitea-master.gitea:6379
session: session:
PROVIDER: redis PROVIDER: redis
PROVIDER_CONFIG: redis://gitea-valkey.gitea:6379 PROVIDER_CONFIG: redis://redis-replication-gitea-master.gitea:6379
indexer: indexer:
ISSUE_INDEXER_ENABLED: true ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: meilisearch ISSUE_INDEXER_TYPE: meilisearch
@@ -145,7 +145,7 @@ gitea-actions:
log: log:
level: debug level: debug
cache: cache:
enabled: true enabled: false
runner: runner:
labels: labels:
- "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04" - "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
@@ -222,7 +222,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 7 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -234,22 +234,40 @@ postgres-18-cluster:
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
valkey-gitea: redis-replication-gitea:
valkey: replicationNameOverride: redis-replication-gitea
redisReplication:
clusterSize: 3
resources: resources:
requests: requests:
cpu: 20m cpu: 20m
memory: 256Mi memory: 400Mi
dataStorage: volumeClaimTemplate:
requestedSize: 10Gi spec:
replica: resources:
persistence: requests:
size: 10Gi storage: 10Gi
sentinel:
enabled: true
valkey-renovate: valkey-renovate:
valkey: image:
nameOverride: valkey-renovate registry: ghcr.io
repository: valkey-io/valkey
tag: 9.0.3-alpine
resources:
requests:
cpu: 10m
memory: 32Mi
dataStorage:
enabled: false
replica: replica:
enabled: false enabled: false
metrics:
enabled: true
serviceMonitor:
enabled: true
podMonitor:
enabled: true
volsync-target-storage: volsync-target-storage:
pvcTarget: gitea-shared-storage pvcTarget: gitea-shared-storage
moverSecurityContext: moverSecurityContext:
@@ -259,7 +277,7 @@ volsync-target-storage:
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 0 0 7 * * * schedule: 0 0 0 * * *
restic: restic:
pruneIntervalDays: 3 pruneIntervalDays: 3
retain: retain:

16
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies: dependencies:
- name: grafana-operator - name: grafana-operator
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
version: 5.22.1 version: 5.22.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 1.1.0
- name: valkey - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 1.1.0
digest: sha256:932d9b24ad52ab2a28311f522714ecbad2bedea512ce48d26fcb95cc74b51af9 digest: sha256:ad859d46d684dcb166896c336d899da35bad32dc12ec64e327fbd366c77d81d7
generated: "2026-03-14T19:50:53.708173087Z" generated: "2026-03-04T00:39:30.940857832Z"

18
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -17,20 +17,20 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: grafana-operator - name: grafana-operator
version: 5.22.1 version: 5.22.0
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: redis-replication
alias: valkey-unified-alerting alias: redis-replication-unified-alerting
version: 0.4.0 version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: redis-replication
alias: valkey-remote-cache alias: redis-replication-remote-cache
version: 0.4.0 version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator # renovate: datasource=github-releases depName=grafana/grafana-operator
appVersion: v5.22.1 appVersion: v5.22.0

38
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -301,6 +301,44 @@ spec:
resyncPeriod: 1h resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/harbor.json url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/harbor.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-redis-replication
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-redis-replication
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/redis-replication.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-redis-operator
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-redis-operator
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/redis-operator.json
--- ---
apiVersion: grafana.integreatly.org/v1beta1 apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard kind: GrafanaDashboard

4
clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml
View File

@@ -45,10 +45,10 @@ spec:
password: ${DB_PASSWORD} password: ${DB_PASSWORD}
remote_cache: remote_cache:
type: redis type: redis
connstr: addr=grafana-operator-valkey-remote-cache.grafana-operator:6379,pool_size=100,db=0,ssl=false connstr: addr=redis-replication-remote-cache-master.grafana-operator:6379,pool_size=100,db=0,ssl=false
unified_alerting: unified_alerting:
enabled: "true" enabled: "true"
ha_redis_address: grafana-operator-valkey-unified-alerting.grafana-operator:6379 ha_redis_address: redis-replication-unified-alerting-master.grafana-operator:6379
deployment: deployment:
spec: spec:
replicas: 3 replicas: 3

20
clusters/cl01tl/helm/grafana-operator/values.yaml
View File

@@ -42,7 +42,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 30 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -54,11 +54,13 @@ postgres-18-cluster:
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
valkey-unified-alerting: redis-replication-unified-alerting:
valkey: replicationNameOverride: redis-replication-unified-alerting
nameOverride: valkey-unified-alerting redisReplication:
valkey-remote-cache: clusterSize: 3
valkey: sentinel:
nameOverride: valkey-remote-cache enabled: true
replica: redis-replication-remote-cache:
enabled: false replicationNameOverride: redis-replication-remote-cache
redisReplication:
clusterSize: 1

10
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.2 version: 1.18.2
- name: postgres-cluster - name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.9.1 version: 7.8.0
- name: valkey - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 1.1.0
digest: sha256:898f51eabee5959b9e7ebe90640cb915cb2dee446e6a6649a29499fecab8b6c7 digest: sha256:5ed0bf7a628fafdf2adc742b80ba900fd836e56682e9c3c37c4959cc56a91e4b
generated: "2026-03-11T22:58:00.955579445Z" generated: "2026-03-04T00:40:00.093022723Z"

9
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -21,12 +21,11 @@ dependencies:
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey - name: redis-replication
alias: valkey version: 1.1.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor # renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.14.3 appVersion: v2.14.2

23
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -41,12 +41,12 @@ harbor:
portal: portal:
image: image:
repository: goharbor/harbor-portal repository: goharbor/harbor-portal
tag: v2.14.3 tag: v2.14.2
replicas: 2 replicas: 2
core: core:
image: image:
repository: goharbor/harbor-core repository: goharbor/harbor-core
tag: v2.14.3 tag: v2.14.2
replicas: 2 replicas: 2
existingSecret: harbor-secret existingSecret: harbor-secret
secretName: harbor-secret secretName: harbor-secret
@@ -54,7 +54,7 @@ harbor:
jobservice: jobservice:
image: image:
repository: goharbor/harbor-jobservice repository: goharbor/harbor-jobservice
tag: v2.14.3 tag: v2.14.2
replicas: 2 replicas: 2
jobLoggers: jobLoggers:
- stdout - stdout
@@ -63,11 +63,11 @@ harbor:
registry: registry:
image: image:
repository: goharbor/registry-photon repository: goharbor/registry-photon
tag: v2.14.3 tag: v2.14.2
controller: controller:
image: image:
repository: goharbor/harbor-registryctl repository: goharbor/harbor-registryctl
tag: v2.14.3 tag: v2.14.2
existingSecret: harbor-secret existingSecret: harbor-secret
relativeurls: true relativeurls: true
credentials: credentials:
@@ -90,18 +90,18 @@ harbor:
redis: redis:
type: external type: external
external: external:
addr: harbor-valkey.harbor:6379 addr: "redis-replication-harbor-master.harbor:6379"
exporter: exporter:
image: image:
repository: goharbor/harbor-exporter repository: goharbor/harbor-exporter
tag: v2.14.3 tag: v2.14.2
replicas: 2 replicas: 2
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
index: 2 index: 1
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
@@ -126,7 +126,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 35 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -138,3 +138,8 @@ postgres-18-cluster:
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
redis-replication:
redisReplication:
clusterSize: 3
sentinel:
enabled: true

6
clusters/cl01tl/helm/headlamp/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: headlamp - name: headlamp
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
version: 0.40.1 version: 0.40.0
digest: sha256:723a57d6fe86a124b8bae7dfc1dde0c2abd60021837826b486054df00551dc03 digest: sha256:b7f8f176f8c4902130e87660adb39211fd5ca454f89f5a7e9ed577cd4c3a2255
generated: "2026-03-14T15:02:53.184950913Z" generated: "2026-02-05T18:23:45.100522813Z"

2
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: headlamp - name: headlamp
version: 0.40.1 version: 0.40.0
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
# renovate: datasource=github-releases depName=headlamp-k8s/headlamp # renovate: datasource=github-releases depName=headlamp-k8s/headlamp

2
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -8,8 +8,6 @@ headlamp:
enabled: true enabled: true
name: headlamp-oidc-secret name: headlamp-oidc-secret
watchPlugins: true watchPlugins: true
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
sessionTTL: null
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

6
clusters/cl01tl/helm/home-assistant/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:dc33c006806b1ac93403a6e77c12e013cac6cf64586bc1d26c54841e6ddf7d2c digest: sha256:2ba5b6579e7296d663fd0dcb7dfb4fea67142413801f6fbc4125a0e731b45210
generated: "2026-03-06T01:08:23.774548766Z" generated: "2026-01-16T18:46:42.940648748Z"

4
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -21,8 +21,8 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core # renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.3.1 appVersion: 2026.3.0

11
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main: main:
image: image:
repository: ghcr.io/home-assistant/home-assistant repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.1 tag: 2026.3.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server: code-server:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272 tag: 4.109.5@sha256:aa43fb2fc31127e9d2166e903c7f13792351e38658ba29645662a89ff04ff90d
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -134,10 +134,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 22 8 * * * schedule: 24 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 22 9 * * *
external: external:
enabled: true enabled: true
schedule: 22 10 * * * schedule: 24 9 * * *

2
clusters/cl01tl/helm/homepage/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
# renovate: datasource=github-releases depName=gethomepage/homepage # renovate: datasource=github-releases depName=gethomepage/homepage
appVersion: v1.11.0 appVersion: v1.10.1

44
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -16,7 +16,7 @@ homepage:
main: main:
image: image:
repository: ghcr.io/gethomepage/homepage repository: ghcr.io/gethomepage/homepage
tag: v1.11.0 tag: v1.10.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: HOMEPAGE_ALLOWED_HOSTS - name: HOMEPAGE_ALLOWED_HOSTS
@@ -36,24 +36,6 @@ homepage:
config: config:
enabled: true enabled: true
data: data:
custom.css: |
html {
font-size: 18px;
}
ul#myTab {
background-color: rgba(240, 230, 215, 0.12) !important;
color: white !important;
}
li.service div.service-card,
li.bookmark a.rounded-md {
color: white !important;
background-color: rgba(240, 230, 215, 0.12) !important;
transition: all 150ms ease !important;
}
li.service div.service-card:hover,
li.bookmark a.rounded-md:hover {
background-color: rgba(240, 230, 215, 0.18) !important;
}
docker.yaml: "" docker.yaml: ""
kubernetes.yaml: | kubernetes.yaml: |
mode: cluster mode: cluster
@@ -61,10 +43,10 @@ homepage:
favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg favicon: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/logo-new-round.svg
headerStyle: clean headerStyle: clean
hideVersion: true hideVersion: true
cardBlur: xs
color: slate color: slate
background: background:
image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg image: https://web-assets-3bfcb5585cbd63dc365d32a3.nyc3.cdn.digitaloceanspaces.com/alexlebens-net/background.jpg
brightness: 70
theme: dark theme: dark
disableCollapse: true disableCollapse: true
layout: layout:
@@ -160,12 +142,6 @@ homepage:
href: https://yamtrack.alexlebens.net href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80 siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot statusStyle: dot
- Movie Roulette:
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
description: Movie Roulette
href: https://movie-roulette.alexlebens.net
siteMonitor: http://movie-roulette.movie-roulette:80
statusStyle: dot
- Movies and TV: - Movies and TV:
icon: sh-jellyfin.webp icon: sh-jellyfin.webp
description: Jellyfin description: Jellyfin
@@ -851,10 +827,10 @@ homepage:
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /app/config/custom.css - path: /app/config/bookmarks.yaml
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: custom.css subPath: bookmarks.yaml
- path: /app/config/docker.yaml - path: /app/config/docker.yaml
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
@@ -863,6 +839,10 @@ homepage:
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: kubernetes.yaml subPath: kubernetes.yaml
- path: /app/config/services.yaml
readOnly: true
mountPropagation: None
subPath: services.yaml
- path: /app/config/settings.yaml - path: /app/config/settings.yaml
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
@@ -871,11 +851,3 @@ homepage:
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: widgets.yaml subPath: widgets.yaml
- path: /app/config/services.yaml
readOnly: true
mountPropagation: None
subPath: services.yaml
- path: /app/config/bookmarks.yaml
readOnly: true
mountPropagation: None
subPath: bookmarks.yaml

12
clusters/cl01tl/helm/immich/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 1.1.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:b886b0a1555ea75fbff52a58ccbf1659acbda20e933107bcbab9b00192aa25bd digest: sha256:8c204b4e38b60693c1ed5a80ea441567bc074aebf3282591b987087024ecd3bc
generated: "2026-03-11T22:58:20.294240859Z" generated: "2026-03-04T00:40:31.462721535Z"

9
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -20,15 +20,14 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: redis-replication
alias: valkey version: 1.1.0
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich # renovate: datasource=github-releases depName=immich-app/immich

16
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -19,7 +19,7 @@ immich:
- name: IMMICH_CONFIG_FILE - name: IMMICH_CONFIG_FILE
value: /config/immich.json value: /config/immich.json
- name: REDIS_HOSTNAME - name: REDIS_HOSTNAME
value: immich-valkey value: redis-replication-immich-master
- name: DB_VECTOR_EXTENSION - name: DB_VECTOR_EXTENSION
value: vectorchord value: vectorchord
- name: DB_HOSTNAME - name: DB_HOSTNAME
@@ -209,7 +209,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 40 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -221,20 +221,26 @@ postgres-18-cluster:
# immediate: true # immediate: true
# schedule: "0 0 0 * * *" # schedule: "0 0 0 * * *"
# backupName: external # backupName: external
redis-replication:
redisReplication:
clusterSize: 3
sentinel:
enabled: true
volsync-target-data: volsync-target-data:
pvcTarget: immich pvcTarget: immich
local: local:
enabled: true enabled: true
schedule: 24 8 * * * schedule: 28 8 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
remote: remote:
enabled: true enabled: true
schedule: 24 9 * * * schedule: 28 10 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
external: external:
enabled: true enabled: true
schedule: 24 10 * * * schedule: 28 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi

8
clusters/cl01tl/helm/jellyfin/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.27.0 version: 0.26.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:ca384647a640ae717ac874a2627f00ac9a1e5c97ff5eeb8f326ebdd471ab1623 digest: sha256:68e88cb0f8b9569d8b53dcc63d47c31320aa0f10173eb938e5b56e8b84b0caec
generated: "2026-03-09T15:04:08.648165537Z" generated: "2026-03-04T00:24:27.958585796Z"

4
clusters/cl01tl/helm/jellyfin/Chart.yaml
View File

@@ -25,11 +25,11 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
version: 0.27.0 version: 0.26.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
# renovate: datasource=github-releases depName=jellyfin/jellyfin # renovate: datasource=github-releases depName=jellyfin/jellyfin

6
clusters/cl01tl/helm/jellyfin/values.yaml
View File

@@ -143,16 +143,14 @@ volsync-target-config:
pvcTarget: jellyfin-config pvcTarget: jellyfin-config
local: local:
enabled: true enabled: true
schedule: 26 8 * * * schedule: 30 8 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
remote: remote:
enabled: true
schedule: 26 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
external: external:
enabled: true enabled: true
schedule: 26 10 * * * schedule: 30 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi

8
clusters/cl01tl/helm/jellystat/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:29b92b08c230d5f3abc13949b299acccd1e9f8ff7df1f691a5dec41df5405595 digest: sha256:34b82ccec2d4666175e0952d03f9467e3966c1a9a15661c6ceeed2b492c9d82d
generated: "2026-03-11T22:58:35.766813121Z" generated: "2026-02-27T18:16:58.512565338Z"

4
clusters/cl01tl/helm/jellystat/Chart.yaml
View File

@@ -21,11 +21,11 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
# renovate: datasource=github-releases depName=CyferShepard/Jellystat # renovate: datasource=github-releases depName=CyferShepard/Jellystat

9
clusters/cl01tl/helm/jellystat/values.yaml
View File

@@ -129,7 +129,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 45 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -145,10 +145,9 @@ volsync-target-data:
pvcTarget: jellystat-data pvcTarget: jellystat-data
local: local:
enabled: true enabled: true
schedule: 28 8 * * * schedule: 32 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 28 9 * * *
external: external:
enabled: true enabled: true
schedule: 28 10 * * * schedule: 32 9 * * *

10
clusters/cl01tl/helm/karakeep/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.27.0 version: 0.26.0
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.7.0
digest: sha256:75f92316d4b6229d00e3dfa39ed5026ad39a28f833321cd3887a2048cdac34c7 digest: sha256:771c49ed1981152cc94725f772eb30e973410b858dcc6e9f335054934649347d
generated: "2026-03-09T22:04:48.630821646Z" generated: "2026-03-04T00:24:56.137773017Z"

6
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -22,14 +22,14 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: meilisearch - name: meilisearch
version: 0.27.0 version: 0.26.0
repository: https://meilisearch.github.io/meilisearch-kubernetes repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.3.0
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
version: 0.8.0 version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
# renovate: datasource=github-releases depName=karakeep-app/karakeep # renovate: datasource=github-releases depName=karakeep-app/karakeep

37
clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
View File

@@ -57,43 +57,6 @@ spec:
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-bucket-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-bucket-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_REGION
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret

11
clusters/cl01tl/helm/karakeep/templates/object-bucket-claim.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-karakeep
labels:
app.kubernetes.io/name: ceph-bucket-karakeep
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-karakeep
storageClassName: ceph-bucket

27
clusters/cl01tl/helm/karakeep/values.yaml
View File

@@ -29,24 +29,24 @@ karakeep:
name: karakeep-key-secret name: karakeep-key-secret
key: prometheus-token key: prometheus-token
- name: ASSET_STORE_S3_ENDPOINT - name: ASSET_STORE_S3_ENDPOINT
value: http://garage-main.garage:3900 value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: ASSET_STORE_S3_REGION - name: ASSET_STORE_S3_REGION
valueFrom: value: us-east-1
secretKeyRef:
name: karakeep-bucket-garage
key: ACCESS_REGION
- name: ASSET_STORE_S3_BUCKET - name: ASSET_STORE_S3_BUCKET
value: karakeep-assets valueFrom:
configMapKeyRef:
name: ceph-bucket-karakeep
key: BUCKET_NAME
- name: ASSET_STORE_S3_ACCESS_KEY_ID - name: ASSET_STORE_S3_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-bucket-garage name: ceph-bucket-karakeep
key: ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: ASSET_STORE_S3_SECRET_ACCESS_KEY - name: ASSET_STORE_S3_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-bucket-garage name: ceph-bucket-karakeep
key: ACCESS_SECRET_KEY key: AWS_SECRET_ACCESS_KEY
- name: ASSET_STORE_S3_FORCE_PATH_STYLE - name: ASSET_STORE_S3_FORCE_PATH_STYLE
value: true value: true
- name: MEILI_ADDR - name: MEILI_ADDR
@@ -172,10 +172,9 @@ volsync-target-data:
pvcTarget: karakeep pvcTarget: karakeep
local: local:
enabled: true enabled: true
schedule: 30 8 * * * schedule: 34 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 30 9 * * *
external: external:
enabled: true enabled: true
schedule: 30 10 * * * schedule: 34 9 * * *

6
clusters/cl01tl/helm/komodo/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
digest: sha256:833a88f82c14f78d63abea99244f2473bee2f5124a533a898a34844956f62b27 digest: sha256:dd1ccfe8d0bfc7248141d2f72806c6437572f21d818941e9071f58d1a0a47259
generated: "2026-03-11T22:58:51.287064579Z" generated: "2026-02-27T18:17:12.586352018Z"

Some files were not shown because too many files have changed in this diff Show More