Compare commits
1 Commits
main
...
4e7f176a7f
| Author | SHA1 | Date | |
|---|---|---|---|
4e7f176a7f
|
@@ -14,7 +14,7 @@ on:
|
||||
- 'hosts/**'
|
||||
|
||||
env:
|
||||
BASE_BRANCH: "origin/${{ github.base_ref }}"
|
||||
BASE_BRANCH: "origin/${{ gitea.base_ref }}"
|
||||
|
||||
jobs:
|
||||
lint-docker-compose:
|
||||
@@ -36,20 +36,19 @@ jobs:
|
||||
id: branch-exists
|
||||
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
|
||||
run: |
|
||||
if [ "${{ github.event_name }}" == "push" ]; then
|
||||
if [ ${{ github.event_name == 'push' }} ]; then
|
||||
echo ">> Action is from a push event, will continue with linting"
|
||||
|
||||
else
|
||||
echo ">> Branch ${{ github.base_ref }} exists, will continue with linting"
|
||||
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
|
||||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "exists=true" >> $GITHUB_OUTPUT
|
||||
echo "exists=true" >> $GITEA_OUTPUT
|
||||
|
||||
- name: Set Up Node.js
|
||||
- name: Set up Node.js
|
||||
if: steps.branch-exists.outputs.exists == 'true'
|
||||
uses: actions/setup-node@v6
|
||||
with:
|
||||
@@ -59,48 +58,58 @@ jobs:
|
||||
id: check-dir-changes
|
||||
if: steps.branch-exists.outputs.exists == 'true'
|
||||
run: |
|
||||
CHANGED_COMPOSE=()
|
||||
|
||||
echo ">> Target branch for diff is: ${BASE_BRANCH}"
|
||||
|
||||
if [ "${{ github.event_name }}" == "pull_request" ]; then
|
||||
DIFF_TARGET="${BASE_BRANCH}"
|
||||
echo ""
|
||||
echo ">> Checking for changes in a pull request ..."
|
||||
|
||||
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
|
||||
else
|
||||
DIFF_TARGET="${{ github.event.before }}..HEAD"
|
||||
echo ""
|
||||
echo ">> Checking for changes from a push ..."
|
||||
|
||||
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
|
||||
fi
|
||||
|
||||
CHANGED_COMPOSE=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^hosts/[^/]+/[^/]+/" | cut -d/ -f1,2,3 | sort -u || true)
|
||||
if [ -n "${GIT_DIFF}" ]; then
|
||||
echo ""
|
||||
echo ">> Changes detected:"
|
||||
echo "$GIT_DIFF"
|
||||
|
||||
for path in $GIT_DIFF; do
|
||||
if echo "$path" | grep -q -E "hosts/[^/]+/[^/]+"; then
|
||||
echo ""
|
||||
echo ">> Adding path: $path"
|
||||
CHANGED_COMPOSE+=$(echo "$path")
|
||||
CHANGED_COMPOSE+=$(echo " ")
|
||||
fi
|
||||
done
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> No changes detected"
|
||||
|
||||
fi
|
||||
|
||||
if [ -n "${CHANGED_COMPOSE}" ]; then
|
||||
echo ""
|
||||
echo ">> Compose to Lint:"
|
||||
echo ""
|
||||
echo "${CHANGED_COMPOSE}"
|
||||
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)"
|
||||
|
||||
CHANGED_COMPOSE_CSV=$(echo "$CHANGED_COMPOSE" | paste -sd ',' -)
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> $GITHUB_OUTPUT
|
||||
echo "compose-dir-csv=${CHANGED_COMPOSE_CSV}" >> $GITHUB_OUTPUT
|
||||
echo "compose-dir<<EOF" >> $GITHUB_OUTPUT
|
||||
echo "${CHANGED_COMPOSE}" >> $GITHUB_OUTPUT
|
||||
echo "EOF" >> $GITHUB_OUTPUT
|
||||
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
echo "compose-dir<<EOF" >> $GITEA_OUTPUT
|
||||
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" >> $GITEA_OUTPUT
|
||||
echo "EOF" >> $GITEA_OUTPUT
|
||||
else
|
||||
echo ""
|
||||
echo ">> Did not find any docker compose files to lint"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=false" >> $GITHUB_OUTPUT
|
||||
|
||||
echo "changes-detected=false" >> $GITEA_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Lint Docker Compose
|
||||
@@ -108,28 +117,25 @@ jobs:
|
||||
env:
|
||||
CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
|
||||
run: |
|
||||
echo ">> Running dclint on changed compose files ..."
|
||||
|
||||
for COMPOSE in $CHANGED_COMPOSE; do
|
||||
echo ">> Linting ${COMPOSE} ..."
|
||||
npx dclint ${COMPOSE}
|
||||
echo ">> Running dclint on changed compose files:"
|
||||
echo "$CHANGED_COMPOSE"
|
||||
|
||||
for compose in $CHANGED_COMPOSE; do
|
||||
echo ">> Linting $compose ..."
|
||||
npx dclint $compose
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Docker Compose Test Failure'
|
||||
title: 'Test Failure - Infrastructure'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: "Docker linting for compose dirs: ${{ steps.check-dir-changes.outputs.compose-dir-csv }}"
|
||||
details: 'Docker linting on Pull Request for Infrastructure has failed!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker.yaml", "clear": true}]'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-pull.yaml", "clear": true}]'
|
||||
image: true
|
||||
|
||||
@@ -15,7 +15,7 @@ on:
|
||||
|
||||
env:
|
||||
CLUSTER: cl01tl
|
||||
BASE_BRANCH: "origin/${{ github.base_ref }}"
|
||||
BASE_BRANCH: "origin/${{ gitea.base_ref }}"
|
||||
|
||||
jobs:
|
||||
lint-helm:
|
||||
@@ -31,26 +31,25 @@ jobs:
|
||||
if: github.event_name == 'pull_request'
|
||||
uses: GuillaumeFalourd/branch-exists@v1.1
|
||||
with:
|
||||
branch: ${{ github.base_ref }}
|
||||
branch: ${{ gitea.base_ref }}
|
||||
|
||||
- name: Report Branch Exists
|
||||
id: branch-exists
|
||||
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
|
||||
run: |
|
||||
if [ "${{ github.event_name }}" == "push" ]; then
|
||||
if [ ${{ github.event_name == 'push' }} ]; then
|
||||
echo ">> Action is from a push event, will continue with linting"
|
||||
|
||||
else
|
||||
echo ">> Branch ${{ github.base_ref }} exists, will continue with linting"
|
||||
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
|
||||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "exists=true" >> $GITHUB_OUTPUT
|
||||
echo "exists=true" >> $GITEA_OUTPUT
|
||||
|
||||
- name: Set Up Helm
|
||||
- name: Set up Helm
|
||||
if: steps.branch-exists.outputs.exists == 'true'
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
@@ -58,63 +57,62 @@ jobs:
|
||||
version: v3.19.2
|
||||
cache: true
|
||||
|
||||
- name: Cache Helm Dependencies
|
||||
if: steps.branch-exists.outputs.exists == 'true'
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
~/.cache/helm
|
||||
~/.config/helm
|
||||
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
|
||||
restore-keys: |
|
||||
helm-cache-${{ runner.os }}-
|
||||
|
||||
- name: Check Directories for Changes
|
||||
id: check-dir-changes
|
||||
if: steps.branch-exists.outputs.exists == 'true'
|
||||
run: |
|
||||
CHANGED_CHARTS=()
|
||||
|
||||
echo ">> Target branch for diff is: ${BASE_BRANCH}"
|
||||
|
||||
if [ "${{ github.event_name }}" == "pull_request" ]; then
|
||||
DIFF_TARGET="${BASE_BRANCH}"
|
||||
echo ""
|
||||
echo ">> Checking for changes in a pull request ..."
|
||||
|
||||
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
|
||||
else
|
||||
DIFF_TARGET="${{ github.event.before }}..HEAD"
|
||||
echo ""
|
||||
echo ">> Checking for changes from a push ..."
|
||||
|
||||
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
|
||||
fi
|
||||
|
||||
CHANGED_CHARTS=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
|
||||
if [ -n "${GIT_DIFF}" ]; then
|
||||
echo ""
|
||||
echo ">> Changes detected:"
|
||||
echo "$GIT_DIFF"
|
||||
|
||||
for path in $GIT_DIFF; do
|
||||
if echo "$path" | grep -q -E "clusters/[^/]+/helm/[^/]+"; then
|
||||
echo ""
|
||||
echo ">> Adding path: $path"
|
||||
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
|
||||
CHANGED_CHARTS+=$(echo "\n")
|
||||
fi
|
||||
done
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> No changes detected"
|
||||
|
||||
fi
|
||||
|
||||
if [ -n "${CHANGED_CHARTS}" ]; then
|
||||
echo ""
|
||||
echo ">> Chart to Lint:"
|
||||
echo ""
|
||||
echo "${CHANGED_CHARTS}"
|
||||
echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
|
||||
|
||||
CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> $GITHUB_OUTPUT
|
||||
echo "chart-dir-csv=${CHANGED_CHARTS_CSV}" >> $GITHUB_OUTPUT
|
||||
echo "chart-dir<<EOF" >> $GITHUB_OUTPUT
|
||||
echo "${CHANGED_CHARTS}" >> $GITHUB_OUTPUT
|
||||
echo "EOF" >> $GITHUB_OUTPUT
|
||||
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
echo "chart-dir<<EOF" >> $GITEA_OUTPUT
|
||||
echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
|
||||
echo "EOF" >> $GITEA_OUTPUT
|
||||
else
|
||||
echo ""
|
||||
echo ">> Did not find any helm charts files to lint"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=false" >> $GITHUB_OUTPUT
|
||||
|
||||
echo "changes-detected=false" >> $GITEA_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Add Repositories
|
||||
@@ -123,32 +121,26 @@ jobs:
|
||||
CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
|
||||
run: |
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
echo ""
|
||||
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
|
||||
| tail -n +2 \
|
||||
| awk 'NF > 0 { print $1, $3 }' \
|
||||
| while read -r REPO_NAME REPO_URL; do
|
||||
if [[ "${REPO_URL}" == oci://* ]]; then
|
||||
echo ">> Ignoring OCI repo: ${REPO_URL}"
|
||||
|
||||
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
|
||||
helm repo add "${REPO_NAME}" "${REPO_URL}"
|
||||
|
||||
for dir in ${CHANGED_CHARTS}; do
|
||||
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/$dir 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do
|
||||
if [[ "$cmd" == "*oci://*" ]]; then
|
||||
echo ">> Ignoring OCI repo"
|
||||
else
|
||||
echo ">> Command: $cmd"
|
||||
echo "$cmd" | sh;
|
||||
fi
|
||||
|
||||
done || true
|
||||
done
|
||||
|
||||
if helm repo list > /dev/null 2>&1; then
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ""
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
- name: Lint Helm Chart
|
||||
@@ -156,35 +148,29 @@ jobs:
|
||||
env:
|
||||
CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
|
||||
run: |
|
||||
EXIT_CODE=0
|
||||
|
||||
echo ">> Running linting on changed charts ..."
|
||||
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
CHART_NAME=$(basename "${CHART_PATH}")
|
||||
for dir in ${CHANGED_CHARTS}; do
|
||||
chart_path=clusters/${CLUSTER}/helm/$dir
|
||||
chart_name=$(basename "$chart_path")
|
||||
|
||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||
echo ""
|
||||
echo ">> Building helm dependency for ${CHART_NAME} ..."
|
||||
helm dependency build "${CHART_PATH}" --skip-refresh
|
||||
if [ -f "$chart_path/Chart.yaml" ]; then
|
||||
cd $chart_path
|
||||
|
||||
echo ""
|
||||
echo ">> Linting helm chart ${CHART_NAME} ..."
|
||||
helm lint "${CHART_PATH}" --namespace "default" || EXIT_CODE=1
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh
|
||||
|
||||
echo ""
|
||||
echo ">> Linting helm ..."
|
||||
helm lint --namespace "$chart_name"
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||
|
||||
fi
|
||||
|
||||
done
|
||||
|
||||
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
exit $EXIT_CODE
|
||||
fi
|
||||
done
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
@@ -192,11 +178,11 @@ jobs:
|
||||
with:
|
||||
url: '${{ secrets.NTFY_URL }}'
|
||||
topic: '${{ secrets.NTFY_TOPIC }}'
|
||||
title: 'Helm Test Failure'
|
||||
title: 'Test Failure - Infrastructure'
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: "Helm linting for cluster '${CLUSTER}' with charts: ${{ steps.check-dir-changes.outputs.chart-dir-csv }}"
|
||||
details: 'Helm linting on Pull Request for Infrastructure has failed!'
|
||||
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm.yaml", "clear": true}]'
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-pull.yaml", "clear": true}]'
|
||||
image: true
|
||||
|
||||
@@ -1,14 +1,13 @@
|
||||
name: render-manifests-automerge
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
# pull_request:
|
||||
# branches:
|
||||
# - main
|
||||
# paths:
|
||||
# - 'clusters/cl01tl/helm/**'
|
||||
# types:
|
||||
# - closed
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'clusters/cl01tl/helm/**'
|
||||
types:
|
||||
- closed
|
||||
|
||||
env:
|
||||
CLUSTER: cl01tl
|
||||
@@ -47,16 +46,6 @@ jobs:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Cache Helm Dependencies
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
~/.cache/helm
|
||||
~/.config/helm
|
||||
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
|
||||
restore-keys: |
|
||||
helm-cache-${{ runner.os }}-
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
id: prepare-manifest-branch
|
||||
run: |
|
||||
@@ -64,12 +53,10 @@ jobs:
|
||||
|
||||
BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)"
|
||||
|
||||
echo ""
|
||||
echo ">> Configure git to use gitea-bot as user ..."
|
||||
git config user.name "gitea-bot"
|
||||
git config user.email "gitea-bot@alexlebens.net"
|
||||
|
||||
echo ""
|
||||
echo ">> Creating branch ..."
|
||||
git checkout -b $BRANCH_NAME
|
||||
|
||||
@@ -80,31 +67,38 @@ jobs:
|
||||
- name: Check which Directories have Changes
|
||||
id: check-dir-changes
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
RENDER_DIR=()
|
||||
|
||||
echo ""
|
||||
echo ">> Checking for changes from HEAD^..HEAD ..."
|
||||
GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
|
||||
|
||||
# Extract the chart names from the git diff
|
||||
RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
|
||||
if [ -n "${GIT_DIFF}" ]; then
|
||||
echo ">> Changes detected:"
|
||||
echo "$GIT_DIFF"
|
||||
for path in $GIT_DIFF; do
|
||||
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
|
||||
RENDER_DIR+=$(echo " ")
|
||||
done
|
||||
|
||||
else
|
||||
echo ">> No changes detected"
|
||||
|
||||
fi
|
||||
|
||||
if [ -n "${RENDER_DIR}" ]; then
|
||||
echo ""
|
||||
echo ">> Directories to Render:"
|
||||
echo "${RENDER_DIR}"
|
||||
echo "$(echo "${RENDER_DIR}" | sort -u)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> "$GITEA_OUTPUT"
|
||||
echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
|
||||
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
|
||||
echo "EOF" >> "$GITEA_OUTPUT"
|
||||
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
echo "render-dir<<EOF" >> $GITEA_OUTPUT
|
||||
echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
|
||||
echo "EOF" >> $GITEA_OUTPUT
|
||||
else
|
||||
echo ""
|
||||
echo ">> No chart changes detected"
|
||||
echo "changes-detected=false" >> "$GITEA_OUTPUT"
|
||||
|
||||
echo "changes-detected=false" >> $GITEA_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Add Repositories
|
||||
@@ -112,31 +106,25 @@ jobs:
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
|
||||
| tail -n +2 \
|
||||
| awk 'NF > 0 { print $1, $3 }' \
|
||||
| while read -r REPO_NAME REPO_URL; do
|
||||
if [[ "${REPO_URL}" == oci://* ]]; then
|
||||
echo ""
|
||||
echo ">> Ignoring OCI repo: ${REPO_URL}"
|
||||
|
||||
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
|
||||
helm repo add "${REPO_NAME}" "${REPO_URL}"
|
||||
|
||||
for dir in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do
|
||||
if [[ "$cmd" == "*oci://*" ]]; then
|
||||
echo ">> Ignoring OCI repo"
|
||||
else
|
||||
echo "$cmd" | sh;
|
||||
fi
|
||||
done || true
|
||||
done
|
||||
|
||||
if helm repo list > /dev/null 2>&1; then
|
||||
echo ""
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
@@ -146,16 +134,15 @@ jobs:
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Remove manfiest files and rebuild from source ..."
|
||||
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
|
||||
for dir in ${RENDER_DIR}; do
|
||||
chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
|
||||
|
||||
echo "${CHART_PATH}"
|
||||
rm -rf ${CHART_PATH}/*
|
||||
echo "$chart_path"
|
||||
rm -rf $chart_path/*
|
||||
done
|
||||
|
||||
echo "----"
|
||||
@@ -168,57 +155,60 @@ jobs:
|
||||
run: |
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering Manifests ..."
|
||||
|
||||
render_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
|
||||
local CHART_NAME=$(basename "${CHART_PATH}")
|
||||
for dir in ${RENDER_DIR}; do
|
||||
chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
|
||||
chart_name=$(basename "$chart_path")
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering ..."
|
||||
echo ">> Chart: ${CHART_NAME}"
|
||||
echo ">> Path: ${CHART_PATH}"
|
||||
echo ""
|
||||
echo ">> Rendering chart: $chart_name"
|
||||
echo ">> Chart path $chart_path"
|
||||
|
||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
|
||||
if [ -f "$chart_path/Chart.yaml" ]; then
|
||||
OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
|
||||
TEMPLATE=""
|
||||
|
||||
mkdir -p "${OUTPUT_FOLDER}"
|
||||
cd "${CHART_PATH}"
|
||||
mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
|
||||
|
||||
cd $chart_path
|
||||
|
||||
echo ""
|
||||
echo ">> Updating helm dependencies ..."
|
||||
helm dependency update --skip-refresh > /dev/null
|
||||
echo ">> Updating helm dependency ..."
|
||||
helm dependency update --skip-refresh
|
||||
|
||||
echo ""
|
||||
echo ">> Linting helm chart ..."
|
||||
helm lint --namespace "${CHART_NAME}" --quiet
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh
|
||||
|
||||
local NAMESPACE="${CHART_NAME}"
|
||||
case "${CHART_NAME}" in
|
||||
echo ""
|
||||
echo ">> Linting helm ..."
|
||||
helm lint --namespace "$chart_name"
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering templates ..."
|
||||
case "$chart_name" in
|
||||
"stack")
|
||||
NAMESPACE="argocd"
|
||||
echo ""
|
||||
echo ">> Special Rendering into 'argocd' namespace ..."
|
||||
echo ">> Special Rendering for stack into argocd namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
|
||||
NAMESPACE="kube-system"
|
||||
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
|
||||
echo ""
|
||||
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
|
||||
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo ">> Standard Rendering for ${CHART_NAME} ..."
|
||||
echo ">> Standard Rendering for $chart_name ..."
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
esac
|
||||
|
||||
echo ""
|
||||
echo ">> Formating rendered template ..."
|
||||
local TEMPLATE
|
||||
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
|
||||
# Format and split rendered template
|
||||
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
|
||||
# Strip comments again to ensure formatting correctness
|
||||
for file in "$OUTPUT_FOLDER"/*; do
|
||||
@@ -226,23 +216,15 @@ jobs:
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
|
||||
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
|
||||
ls $OUTPUT_FOLDER
|
||||
echo ""
|
||||
else
|
||||
echo ""
|
||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
|
||||
echo ""
|
||||
fi
|
||||
}
|
||||
|
||||
export -f render_chart
|
||||
export MAIN_DIR CLUSTER MANIFEST_DIR
|
||||
|
||||
# Run rendering in parallel
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
echo "${DIR}"
|
||||
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
|
||||
done
|
||||
|
||||
echo "----"
|
||||
|
||||
@@ -250,18 +232,16 @@ jobs:
|
||||
id: check-changes
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
GIT_CHANGES=$(git status --porcelain)
|
||||
|
||||
if [ -n "${GIT_CHANGES}" ]; then
|
||||
echo ""
|
||||
if [ -n "$GIT_CHANGES" ]; then
|
||||
echo ">> Changes detected"
|
||||
git status --porcelain
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> No changes detected, skipping PR creation"
|
||||
|
||||
fi
|
||||
@@ -274,22 +254,19 @@ jobs:
|
||||
env:
|
||||
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Commiting changes to ${BRANCH_NAME} ..."
|
||||
git add .
|
||||
git commit -m "chore: Update manifests after automerge"
|
||||
|
||||
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
|
||||
echo ""
|
||||
echo ">> Pushing changes to ${REPO_URL} ..."
|
||||
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
|
||||
echo ">> Pushing changes to $REPO_URL ..."
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "push=true" >> "$GITEA_OUTPUT"
|
||||
echo "push=true" >> $GITEA_OUTPUT
|
||||
|
||||
- name: Create Pull Request
|
||||
id: create-pull-request
|
||||
|
||||
@@ -1,11 +1,10 @@
|
||||
name: render-manifests-dispatch
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
# schedule:
|
||||
# - cron: '0 15 * * *'
|
||||
schedule:
|
||||
- cron: '0 3 * * *'
|
||||
|
||||
# workflow_dispatch:
|
||||
workflow_dispatch:
|
||||
|
||||
env:
|
||||
CLUSTER: cl01tl
|
||||
@@ -44,39 +43,24 @@ jobs:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Cache Helm Dependencies
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
~/.cache/helm
|
||||
~/.config/helm
|
||||
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
|
||||
restore-keys: |
|
||||
helm-cache-${{ runner.os }}-
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Configure git to use gitea-bot as user ..."
|
||||
git config user.name "gitea-bot"
|
||||
git config user.email "gitea-bot@alexlebens.net"
|
||||
|
||||
echo ""
|
||||
echo ">> Checking if PR branch exists ..."
|
||||
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
|
||||
echo ""
|
||||
if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
|
||||
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
|
||||
git fetch origin "${BRANCH_NAME}"
|
||||
git checkout "${BRANCH_NAME}"
|
||||
git pull --rebase
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
|
||||
git checkout -b "${BRANCH_NAME}"
|
||||
|
||||
git checkout -b $BRANCH_NAME
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
@@ -84,29 +68,25 @@ jobs:
|
||||
- name: Check which Directories have Changes
|
||||
id: check-dir-changes
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
RENDER_DIR=()
|
||||
|
||||
echo ""
|
||||
echo ">> Triggered on dispatch, will check all paths ..."
|
||||
|
||||
# Extract names of charts
|
||||
RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
|
||||
RENDER_DIR+=$(ls clusters/cl01tl/helm/)
|
||||
|
||||
if [ -n "${RENDER_DIR}" ]; then
|
||||
echo ""
|
||||
echo ">> Directories to Render:"
|
||||
echo "${RENDER_DIR}"
|
||||
echo "$(echo "${RENDER_DIR}" | sort -u)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> "$GITEA_OUTPUT"
|
||||
echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
|
||||
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
|
||||
echo "EOF" >> "$GITEA_OUTPUT"
|
||||
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
echo "render-dir<<EOF" >> $GITEA_OUTPUT
|
||||
echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
|
||||
echo "EOF" >> $GITEA_OUTPUT
|
||||
else
|
||||
echo ">> No directories found"
|
||||
echo "changes-detected=false" >> "$GITEA_OUTPUT"
|
||||
|
||||
echo "changes-detected=false" >> $GITEA_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Add Repositories
|
||||
@@ -114,54 +94,29 @@ jobs:
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
|
||||
| tail -n +2 \
|
||||
| awk 'NF > 0 { print $1, $3 }' \
|
||||
| while read -r REPO_NAME REPO_URL; do
|
||||
if [[ "${REPO_URL}" == oci://* ]]; then
|
||||
echo ""
|
||||
echo ">> Ignoring OCI repo: ${REPO_URL}"
|
||||
|
||||
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
|
||||
helm repo add "${REPO_NAME}" "${REPO_URL}"
|
||||
|
||||
for dir in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do
|
||||
if [[ "$cmd" == "*oci://*" ]]; then
|
||||
echo ">> Ignoring OCI repo"
|
||||
else
|
||||
echo "$cmd" | sh;
|
||||
fi
|
||||
done || true
|
||||
done
|
||||
|
||||
if helm repo list > /dev/null 2>&1; then
|
||||
echo ""
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Remove Changed Manifest Files
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
echo ""
|
||||
echo ">> Remove manfiest files and rebuild from source ..."
|
||||
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
|
||||
|
||||
echo "${CHART_PATH}"
|
||||
rm -rf ${CHART_PATH}/*
|
||||
done
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Render Helm Manifests
|
||||
id: render-manifests
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
@@ -170,57 +125,60 @@ jobs:
|
||||
run: |
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering Manifests ..."
|
||||
|
||||
render_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
|
||||
local CHART_NAME=$(basename "${CHART_PATH}")
|
||||
for dir in ${RENDER_DIR}; do
|
||||
chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
|
||||
chart_name=$(basename "$chart_path")
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering ..."
|
||||
echo ">> Chart: ${CHART_NAME}"
|
||||
echo ">> Path: ${CHART_PATH}"
|
||||
echo ""
|
||||
echo ">> Rendering chart: $chart_name"
|
||||
echo ">> Chart path $chart_path"
|
||||
|
||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
|
||||
if [ -f "$chart_path/Chart.yaml" ]; then
|
||||
OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
|
||||
TEMPLATE=""
|
||||
|
||||
mkdir -p "${OUTPUT_FOLDER}"
|
||||
cd "${CHART_PATH}"
|
||||
mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
|
||||
|
||||
cd $chart_path
|
||||
|
||||
echo ""
|
||||
echo ">> Updating helm dependencies ..."
|
||||
helm dependency update --skip-refresh > /dev/null
|
||||
echo ">> Updating helm dependency ..."
|
||||
helm dependency update --skip-refresh
|
||||
|
||||
echo ""
|
||||
echo ">> Linting helm chart ..."
|
||||
helm lint --namespace "${CHART_NAME}" --quiet
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh
|
||||
|
||||
local NAMESPACE="${CHART_NAME}"
|
||||
case "${CHART_NAME}" in
|
||||
echo ""
|
||||
echo ">> Linting helm ..."
|
||||
helm lint --namespace "$chart_name"
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering templates ..."
|
||||
case "$chart_name" in
|
||||
"stack")
|
||||
NAMESPACE="argocd"
|
||||
echo ""
|
||||
echo ">> Special Rendering into 'argocd' namespace ..."
|
||||
echo ">> Special Rendering for stack into argocd namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
|
||||
NAMESPACE="kube-system"
|
||||
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
|
||||
echo ""
|
||||
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
|
||||
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo ">> Standard Rendering for ${CHART_NAME} ..."
|
||||
echo ">> Standard Rendering for $chart_name ..."
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
esac
|
||||
|
||||
echo ""
|
||||
echo ">> Formating rendered template ..."
|
||||
local TEMPLATE
|
||||
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
|
||||
# Format and split rendered template
|
||||
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
|
||||
# Strip comments again to ensure formatting correctness
|
||||
for file in "$OUTPUT_FOLDER"/*; do
|
||||
@@ -228,23 +186,15 @@ jobs:
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
|
||||
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
|
||||
ls $OUTPUT_FOLDER
|
||||
echo ""
|
||||
else
|
||||
echo ""
|
||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
|
||||
echo ""
|
||||
fi
|
||||
}
|
||||
|
||||
export -f render_chart
|
||||
export MAIN_DIR CLUSTER MANIFEST_DIR
|
||||
|
||||
# Run rendering in parallel
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
echo "${DIR}"
|
||||
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
|
||||
done
|
||||
|
||||
echo "----"
|
||||
|
||||
@@ -252,18 +202,16 @@ jobs:
|
||||
id: check-changes
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
GIT_CHANGES=$(git status --porcelain)
|
||||
|
||||
if [ -n "${GIT_CHANGES}" ]; then
|
||||
echo ""
|
||||
if [ -n "$GIT_CHANGES" ]; then
|
||||
echo ">> Changes detected"
|
||||
git status --porcelain
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> No changes detected, skipping PR creation"
|
||||
|
||||
fi
|
||||
@@ -274,23 +222,20 @@ jobs:
|
||||
id: commit-push
|
||||
if: steps.check-changes.outputs.changes-detected == 'true'
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Commiting changes to ${BRANCH_NAME} ..."
|
||||
git add .
|
||||
git commit -m "chore: Update manifests after change"
|
||||
|
||||
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
|
||||
echo ""
|
||||
echo ">> Pushing changes to ${REPO_URL} ..."
|
||||
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
|
||||
echo ">> Pushing changes to $REPO_URL ..."
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
|
||||
echo "push=true" >> "$GITEA_OUTPUT"
|
||||
echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
|
||||
echo "push=true" >> $GITEA_OUTPUT
|
||||
|
||||
- name: Check for Pull Request
|
||||
id: check-for-pull-requst
|
||||
|
||||
@@ -1,14 +1,13 @@
|
||||
name: render-manifests-merge
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
# pull_request:
|
||||
# branches:
|
||||
# - main
|
||||
# paths:
|
||||
# - 'clusters/cl01tl/helm/**'
|
||||
# types:
|
||||
# - closed
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'clusters/cl01tl/helm/**'
|
||||
types:
|
||||
- closed
|
||||
|
||||
env:
|
||||
CLUSTER: cl01tl
|
||||
@@ -48,39 +47,24 @@ jobs:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Cache Helm Dependencies
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
~/.cache/helm
|
||||
~/.config/helm
|
||||
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
|
||||
restore-keys: |
|
||||
helm-cache-${{ runner.os }}-
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Configure git to use gitea-bot as user ..."
|
||||
git config user.name "gitea-bot"
|
||||
git config user.email "gitea-bot@alexlebens.net"
|
||||
|
||||
echo ""
|
||||
echo ">> Checking if PR branch exists ..."
|
||||
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
|
||||
echo ""
|
||||
if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
|
||||
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
|
||||
git fetch origin "${BRANCH_NAME}"
|
||||
git checkout "${BRANCH_NAME}"
|
||||
git pull --rebase
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
|
||||
git checkout -b "${BRANCH_NAME}"
|
||||
|
||||
git checkout -b $BRANCH_NAME
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
@@ -88,31 +72,38 @@ jobs:
|
||||
- name: Check which Directories have Changes
|
||||
id: check-dir-changes
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
RENDER_DIR=()
|
||||
|
||||
echo ""
|
||||
echo ">> Checking for changes from HEAD^..HEAD ..."
|
||||
GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
|
||||
|
||||
# Extract the chart names from the git diff
|
||||
RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
|
||||
if [ -n "${GIT_DIFF}" ]; then
|
||||
echo ">> Changes detected:"
|
||||
echo "$GIT_DIFF"
|
||||
for path in $GIT_DIFF; do
|
||||
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
|
||||
RENDER_DIR+=$(echo " ")
|
||||
done
|
||||
|
||||
else
|
||||
echo ">> No changes detected"
|
||||
|
||||
fi
|
||||
|
||||
if [ -n "${RENDER_DIR}" ]; then
|
||||
echo ""
|
||||
echo ">> Directories to Render:"
|
||||
echo "${RENDER_DIR}"
|
||||
echo "$(echo "${RENDER_DIR}" | sort -u)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> "$GITEA_OUTPUT"
|
||||
echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
|
||||
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
|
||||
echo "EOF" >> "$GITEA_OUTPUT"
|
||||
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
echo "render-dir<<EOF" >> $GITEA_OUTPUT
|
||||
echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
|
||||
echo "EOF" >> $GITEA_OUTPUT
|
||||
else
|
||||
echo ""
|
||||
echo ">> No chart changes detected"
|
||||
echo "changes-detected=false" >> "$GITEA_OUTPUT"
|
||||
|
||||
echo "changes-detected=false" >> $GITEA_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Add Repositories
|
||||
@@ -120,31 +111,25 @@ jobs:
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
|
||||
| tail -n +2 \
|
||||
| awk 'NF > 0 { print $1, $3 }' \
|
||||
| while read -r REPO_NAME REPO_URL; do
|
||||
if [[ "${REPO_URL}" == oci://* ]]; then
|
||||
echo ""
|
||||
echo ">> Ignoring OCI repo: ${REPO_URL}"
|
||||
|
||||
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
|
||||
helm repo add "${REPO_NAME}" "${REPO_URL}"
|
||||
|
||||
for dir in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do
|
||||
if [[ "$cmd" == "*oci://*" ]]; then
|
||||
echo ">> Ignoring OCI repo"
|
||||
else
|
||||
echo "$cmd" | sh;
|
||||
fi
|
||||
done || true
|
||||
done
|
||||
|
||||
if helm repo list > /dev/null 2>&1; then
|
||||
echo ""
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
@@ -154,16 +139,15 @@ jobs:
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Remove manfiest files and rebuild from source ..."
|
||||
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
|
||||
for dir in ${RENDER_DIR}; do
|
||||
chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
|
||||
|
||||
echo "${CHART_PATH}"
|
||||
rm -rf ${CHART_PATH}/*
|
||||
echo "$chart_path"
|
||||
rm -rf $chart_path/*
|
||||
done
|
||||
|
||||
echo "----"
|
||||
@@ -176,57 +160,60 @@ jobs:
|
||||
run: |
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering Manifests ..."
|
||||
|
||||
render_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
|
||||
local CHART_NAME=$(basename "${CHART_PATH}")
|
||||
for dir in ${RENDER_DIR}; do
|
||||
chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
|
||||
chart_name=$(basename "$chart_path")
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering ..."
|
||||
echo ">> Chart: ${CHART_NAME}"
|
||||
echo ">> Path: ${CHART_PATH}"
|
||||
echo ""
|
||||
echo ">> Rendering chart: $chart_name"
|
||||
echo ">> Chart path $chart_path"
|
||||
|
||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
|
||||
if [ -f "$chart_path/Chart.yaml" ]; then
|
||||
OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
|
||||
TEMPLATE=""
|
||||
|
||||
mkdir -p "${OUTPUT_FOLDER}"
|
||||
cd "${CHART_PATH}"
|
||||
mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
|
||||
|
||||
cd $chart_path
|
||||
|
||||
echo ""
|
||||
echo ">> Updating helm dependencies ..."
|
||||
helm dependency update --skip-refresh > /dev/null
|
||||
echo ">> Updating helm dependency ..."
|
||||
helm dependency update --skip-refresh
|
||||
|
||||
echo ""
|
||||
echo ">> Linting helm chart ..."
|
||||
helm lint --namespace "${CHART_NAME}" --quiet
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh
|
||||
|
||||
local NAMESPACE="${CHART_NAME}"
|
||||
case "${CHART_NAME}" in
|
||||
echo ""
|
||||
echo ">> Linting helm ..."
|
||||
helm lint --namespace "$chart_name"
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering templates ..."
|
||||
case "$chart_name" in
|
||||
"stack")
|
||||
NAMESPACE="argocd"
|
||||
echo ""
|
||||
echo ">> Special Rendering into 'argocd' namespace ..."
|
||||
echo ">> Special Rendering for stack into argocd namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
|
||||
NAMESPACE="kube-system"
|
||||
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
|
||||
echo ""
|
||||
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
|
||||
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo ">> Standard Rendering for ${CHART_NAME} ..."
|
||||
echo ">> Standard Rendering for $chart_name ..."
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
esac
|
||||
|
||||
echo ""
|
||||
echo ">> Formating rendered template ..."
|
||||
local TEMPLATE
|
||||
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
|
||||
# Format and split rendered template
|
||||
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
|
||||
# Strip comments again to ensure formatting correctness
|
||||
for file in "$OUTPUT_FOLDER"/*; do
|
||||
@@ -234,23 +221,15 @@ jobs:
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
|
||||
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
|
||||
ls $OUTPUT_FOLDER
|
||||
echo ""
|
||||
else
|
||||
echo ""
|
||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
|
||||
echo ""
|
||||
fi
|
||||
}
|
||||
|
||||
export -f render_chart
|
||||
export MAIN_DIR CLUSTER MANIFEST_DIR
|
||||
|
||||
# Run rendering in parallel
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
echo "${DIR}"
|
||||
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
|
||||
done
|
||||
|
||||
echo "----"
|
||||
|
||||
@@ -258,18 +237,16 @@ jobs:
|
||||
id: check-changes
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
GIT_CHANGES=$(git status --porcelain)
|
||||
|
||||
if [ -n "${GIT_CHANGES}" ]; then
|
||||
echo ""
|
||||
if [ -n "$GIT_CHANGES" ]; then
|
||||
echo ">> Changes detected"
|
||||
git status --porcelain
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> No changes detected, skipping PR creation"
|
||||
|
||||
fi
|
||||
@@ -280,23 +257,20 @@ jobs:
|
||||
id: commit-push
|
||||
if: steps.check-changes.outputs.changes-detected == 'true'
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Commiting changes to ${BRANCH_NAME} ..."
|
||||
git add .
|
||||
git commit -m "chore: Update manifests after change"
|
||||
|
||||
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
|
||||
echo ""
|
||||
echo ">> Pushing changes to ${REPO_URL} ..."
|
||||
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
|
||||
echo ">> Pushing changes to $REPO_URL ..."
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
|
||||
echo "push=true" >> "$GITEA_OUTPUT"
|
||||
echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
|
||||
echo "push=true" >> $GITEA_OUTPUT
|
||||
|
||||
- name: Check for Pull Request
|
||||
id: check-for-pull-requst
|
||||
|
||||
@@ -1,12 +1,11 @@
|
||||
name: render-manifests-push
|
||||
|
||||
on:
|
||||
workflow_dispatch:
|
||||
# push:
|
||||
# branches:
|
||||
# - main
|
||||
# paths:
|
||||
# - 'clusters/cl01tl/helm/**'
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'clusters/cl01tl/helm/**'
|
||||
|
||||
env:
|
||||
CLUSTER: cl01tl
|
||||
@@ -46,38 +45,24 @@ jobs:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Cache Helm Dependencies
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
~/.cache/helm
|
||||
~/.config/helm
|
||||
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
|
||||
restore-keys: |
|
||||
helm-cache-${{ runner.os }}-
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Configure git to use gitea-bot as user ..."
|
||||
git config user.name "gitea-bot"
|
||||
git config user.email "gitea-bot@alexlebens.net"
|
||||
|
||||
echo ">> Checking if PR branch exists ..."
|
||||
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
|
||||
echo ""
|
||||
if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
|
||||
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
|
||||
git fetch origin "${BRANCH_NAME}"
|
||||
git checkout "${BRANCH_NAME}"
|
||||
git pull --rebase
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
|
||||
git checkout -b "${BRANCH_NAME}"
|
||||
|
||||
git checkout -b $BRANCH_NAME
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
@@ -85,31 +70,38 @@ jobs:
|
||||
- name: Check which Directories have Changes
|
||||
id: check-dir-changes
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
RENDER_DIR=()
|
||||
|
||||
echo ""
|
||||
echo ">> Checking for changes ..."
|
||||
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
|
||||
|
||||
# Extract the chart names from the git diff
|
||||
RENDER_DIR=$(git diff --name-only ${{ gitea.event.before }}..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
|
||||
if [ -n "${GIT_DIFF}" ]; then
|
||||
echo ">> Changes detected:"
|
||||
echo "$GIT_DIFF"
|
||||
for path in $GIT_DIFF; do
|
||||
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
|
||||
RENDER_DIR+=$(echo " ")
|
||||
done
|
||||
|
||||
else
|
||||
echo ">> No changes detected"
|
||||
|
||||
fi
|
||||
|
||||
if [ -n "${RENDER_DIR}" ]; then
|
||||
echo ""
|
||||
echo ">> Directories to Render:"
|
||||
echo "${RENDER_DIR}"
|
||||
echo "$(echo "${RENDER_DIR}" | sort -u)"
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> "$GITEA_OUTPUT"
|
||||
echo "render-dir<<EOF" >> "$GITEA_OUTPUT"
|
||||
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT"
|
||||
echo "EOF" >> "$GITEA_OUTPUT"
|
||||
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
echo "render-dir<<EOF" >> $GITEA_OUTPUT
|
||||
echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
|
||||
echo "EOF" >> $GITEA_OUTPUT
|
||||
else
|
||||
echo ""
|
||||
echo ">> No chart changes detected"
|
||||
echo "changes-detected=false" >> "$GITEA_OUTPUT"
|
||||
|
||||
echo "changes-detected=false" >> $GITEA_OUTPUT
|
||||
fi
|
||||
|
||||
- name: Add Repositories
|
||||
@@ -117,31 +109,25 @@ jobs:
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
|
||||
| tail -n +2 \
|
||||
| awk 'NF > 0 { print $1, $3 }' \
|
||||
| while read -r REPO_NAME REPO_URL; do
|
||||
if [[ "${REPO_URL}" == oci://* ]]; then
|
||||
echo ""
|
||||
echo ">> Ignoring OCI repo: ${REPO_URL}"
|
||||
|
||||
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
|
||||
helm repo add "${REPO_NAME}" "${REPO_URL}"
|
||||
|
||||
for dir in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
|
||||
| tail +2 | head -n -1 \
|
||||
| awk '{ print "helm repo add " $1 " " $3 }' \
|
||||
| while read cmd; do
|
||||
if [[ "$cmd" == "*oci://*" ]]; then
|
||||
echo ">> Ignoring OCI repo"
|
||||
else
|
||||
echo "$cmd" | sh;
|
||||
fi
|
||||
done || true
|
||||
done
|
||||
|
||||
if helm repo list > /dev/null 2>&1; then
|
||||
echo ""
|
||||
if helm repo list | tail +2 | read -r; then
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
|
||||
fi
|
||||
|
||||
echo "----"
|
||||
@@ -151,17 +137,15 @@ jobs:
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Remove manfiest files and rebuild from source ..."
|
||||
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
|
||||
for dir in ${RENDER_DIR}; do
|
||||
chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
|
||||
|
||||
echo ""
|
||||
echo "${CHART_PATH}"
|
||||
rm -rf ${CHART_PATH}/*
|
||||
echo "$chart_path"
|
||||
rm -rf $chart_path/*
|
||||
done
|
||||
|
||||
echo "----"
|
||||
@@ -174,57 +158,60 @@ jobs:
|
||||
run: |
|
||||
cd ${MAIN_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering Manifests ..."
|
||||
|
||||
render_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
|
||||
local CHART_NAME=$(basename "${CHART_PATH}")
|
||||
for dir in ${RENDER_DIR}; do
|
||||
chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
|
||||
chart_name=$(basename "$chart_path")
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering ..."
|
||||
echo ">> Chart: ${CHART_NAME}"
|
||||
echo ">> Path: ${CHART_PATH}"
|
||||
echo ""
|
||||
echo ">> Rendering chart: $chart_name"
|
||||
echo ">> Chart path $chart_path"
|
||||
|
||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
|
||||
if [ -f "$chart_path/Chart.yaml" ]; then
|
||||
OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
|
||||
TEMPLATE=""
|
||||
|
||||
mkdir -p "${OUTPUT_FOLDER}"
|
||||
cd "${CHART_PATH}"
|
||||
mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
|
||||
|
||||
cd $chart_path
|
||||
|
||||
echo ""
|
||||
echo ">> Updating helm dependencies ..."
|
||||
helm dependency update --skip-refresh > /dev/null
|
||||
echo ">> Updating helm dependency ..."
|
||||
helm dependency update --skip-refresh
|
||||
|
||||
echo ""
|
||||
echo ">> Linting helm chart ..."
|
||||
helm lint --namespace "${CHART_NAME}" --quiet
|
||||
echo ">> Building helm dependency ..."
|
||||
helm dependency build --skip-refresh
|
||||
|
||||
local NAMESPACE="${CHART_NAME}"
|
||||
case "${CHART_NAME}" in
|
||||
echo ""
|
||||
echo ">> Linting helm ..."
|
||||
helm lint --namespace "$chart_name"
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering templates ..."
|
||||
case "$chart_name" in
|
||||
"stack")
|
||||
NAMESPACE="argocd"
|
||||
echo ""
|
||||
echo ">> Special Rendering into 'argocd' namespace ..."
|
||||
echo ">> Special Rendering for stack into argocd namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
|
||||
NAMESPACE="kube-system"
|
||||
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
|
||||
echo ""
|
||||
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
|
||||
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo ">> Standard Rendering for ${CHART_NAME} ..."
|
||||
echo ">> Standard Rendering for $chart_name ..."
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
;;
|
||||
esac
|
||||
|
||||
echo ""
|
||||
echo ">> Formating rendered template ..."
|
||||
local TEMPLATE
|
||||
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
|
||||
# Format and split rendered template
|
||||
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
|
||||
# Strip comments again to ensure formatting correctness
|
||||
for file in "$OUTPUT_FOLDER"/*; do
|
||||
@@ -232,23 +219,15 @@ jobs:
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:"
|
||||
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
|
||||
ls $OUTPUT_FOLDER
|
||||
echo ""
|
||||
else
|
||||
echo ""
|
||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
|
||||
echo ""
|
||||
fi
|
||||
}
|
||||
|
||||
export -f render_chart
|
||||
export MAIN_DIR CLUSTER MANIFEST_DIR
|
||||
|
||||
# Run rendering in parallel
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
echo "${DIR}"
|
||||
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
|
||||
done
|
||||
|
||||
echo "----"
|
||||
|
||||
@@ -256,18 +235,16 @@ jobs:
|
||||
id: check-changes
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
GIT_CHANGES=$(git status --porcelain)
|
||||
|
||||
if [ -n "${GIT_CHANGES}" ]; then
|
||||
echo ""
|
||||
if [ -n "$GIT_CHANGES" ]; then
|
||||
echo ">> Changes detected"
|
||||
git status --porcelain
|
||||
echo "changes-detected=true" >> $GITEA_OUTPUT
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> No changes detected, skipping PR creation"
|
||||
|
||||
fi
|
||||
@@ -278,23 +255,20 @@ jobs:
|
||||
id: commit-push
|
||||
if: steps.check-changes.outputs.changes-detected == 'true'
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ""
|
||||
echo ">> Commiting changes to ${BRANCH_NAME} ..."
|
||||
git add .
|
||||
git commit -m "chore: Update manifests after change"
|
||||
|
||||
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
|
||||
echo ""
|
||||
echo ">> Pushing changes to ${REPO_URL} ..."
|
||||
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
|
||||
echo ">> Pushing changes to $REPO_URL ..."
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
|
||||
|
||||
echo "----"
|
||||
|
||||
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT"
|
||||
echo "push=true" >> "$GITEA_OUTPUT"
|
||||
echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
|
||||
echo "push=true" >> $GITEA_OUTPUT
|
||||
|
||||
- name: Check for Pull Request
|
||||
id: check-for-pull-requst
|
||||
|
||||
@@ -1,637 +0,0 @@
|
||||
name: render-manifests
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 15 * * *'
|
||||
|
||||
workflow_dispatch:
|
||||
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'clusters/cl01tl/helm/**'
|
||||
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
paths:
|
||||
- 'clusters/cl01tl/helm/**'
|
||||
types:
|
||||
- closed
|
||||
|
||||
env:
|
||||
CLUSTER: cl01tl
|
||||
BASE_BRANCH: manifests
|
||||
BRANCH_NAME_BASE: auto/update-manifests
|
||||
ASSIGNEE: alexlebens
|
||||
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
|
||||
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
|
||||
|
||||
jobs:
|
||||
render-manifests:
|
||||
runs-on: ubuntu-js
|
||||
if: >-
|
||||
github.event_name == 'schedule' ||
|
||||
github.event_name == 'workflow_dispatch' ||
|
||||
(github.event_name == 'push' && github.actor != 'renovate-bot') ||
|
||||
(github.event_name == 'pull_request' && github.event.pull_request.merged == true)
|
||||
steps:
|
||||
- name: Checkout Main
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
path: infrastructure
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Checkout Manifests
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
ref: manifests
|
||||
path: infrastructure-manifests
|
||||
|
||||
- name: Set Up Helm
|
||||
uses: azure/setup-helm@v4
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
|
||||
cache: true
|
||||
|
||||
- name: Configure Kubeconfig
|
||||
uses: azure/k8s-set-context@v4
|
||||
with:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Cache Helm Dependencies
|
||||
uses: actions/cache@v5
|
||||
with:
|
||||
path: |
|
||||
~/.cache/helm
|
||||
~/.config/helm
|
||||
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
|
||||
restore-keys: |
|
||||
helm-cache-${{ runner.os }}-
|
||||
|
||||
- name: Determine Workflow Mode
|
||||
id: mode
|
||||
run: |
|
||||
IS_AUTOMERGE="false"
|
||||
RENDER_ALL="false"
|
||||
DIFF_TARGET=""
|
||||
|
||||
if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then
|
||||
echo ">> Mode: Dispatch/Schedule (Render All)"
|
||||
RENDER_ALL="true"
|
||||
|
||||
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
|
||||
if [[ "${{ contains(github.event.pull_request.labels.*.name, 'automerge') }}" == "true" ]]; then
|
||||
echo ">> Mode: PR Merged (Automerge)"
|
||||
IS_AUTOMERGE="true"
|
||||
|
||||
else
|
||||
echo ">> Mode: PR Merged (Standard)"
|
||||
|
||||
fi
|
||||
|
||||
DIFF_TARGET="HEAD^..HEAD"
|
||||
|
||||
elif [[ "${{ github.event_name }}" == "push" ]]; then
|
||||
echo ">> Mode: Push (Standard)"
|
||||
DIFF_TARGET="${{ github.event.before }}..HEAD"
|
||||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "is-automerge=${IS_AUTOMERGE}" >> "$GITHUB_OUTPUT"
|
||||
echo "render-all=${RENDER_ALL}" >> "$GITHUB_OUTPUT"
|
||||
echo "diff-target=${DIFF_TARGET}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
id: prepare-manifest-branch
|
||||
env:
|
||||
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
echo ">> Configure git to use gitea-bot as user ..."
|
||||
git config user.name "gitea-bot"
|
||||
git config user.email "gitea-bot@alexlebens.net"
|
||||
|
||||
if [[ "$IS_AUTOMERGE" == "true" ]]; then
|
||||
echo ""
|
||||
echo ">> Creating branch ${BRANCH_NAME} ..."
|
||||
BRANCH_NAME="${BRANCH_NAME_BASE}-automerge-$(date +%Y%m%d%H%M%S)"
|
||||
git checkout -b "$BRANCH_NAME"
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Checking if PR branch exists ..."
|
||||
BRANCH_NAME="${BRANCH_NAME_BASE}"
|
||||
|
||||
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
|
||||
echo ""
|
||||
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
|
||||
git fetch origin "${BRANCH_NAME}"
|
||||
git checkout "${BRANCH_NAME}"
|
||||
git pull --rebase
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
|
||||
git checkout -b "${BRANCH_NAME}"
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "branch-name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Check Which Directories Have Changes
|
||||
id: check-dir-changes
|
||||
env:
|
||||
RENDER_ALL: ${{ steps.mode.outputs.render-all }}
|
||||
DIFF_TARGET: ${{ steps.mode.outputs.diff-target }}
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
|
||||
if [[ "$RENDER_ALL" == "true" ]]; then
|
||||
echo ">> Triggered on dispatch, will check all paths ..."
|
||||
RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
|
||||
|
||||
else
|
||||
echo ">> Checking for changes from ${DIFF_TARGET} ..."
|
||||
RENDER_DIR=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
|
||||
|
||||
fi
|
||||
|
||||
if [ -n "${RENDER_DIR}" ]; then
|
||||
echo ""
|
||||
echo ">> Directories to Render:"
|
||||
echo ""
|
||||
echo "${RENDER_DIR}"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> "$GITHUB_OUTPUT"
|
||||
echo "render-dir<<EOF" >> "$GITHUB_OUTPUT"
|
||||
echo "${RENDER_DIR}" >> "$GITHUB_OUTPUT"
|
||||
echo "EOF" >> "$GITHUB_OUTPUT"
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> No chart changes detected"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=false" >> "$GITHUB_OUTPUT"
|
||||
|
||||
fi
|
||||
|
||||
- name: Add Repositories
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
|
||||
echo ">> Adding repositories for chart dependencies ..."
|
||||
echo ""
|
||||
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
|
||||
| tail -n +2 \
|
||||
| awk 'NF > 0 { print $1, $3 }' \
|
||||
| while read -r REPO_NAME REPO_URL; do
|
||||
if [[ "${REPO_URL}" == oci://* ]]; then
|
||||
echo ">> Ignoring OCI repo: ${REPO_URL}"
|
||||
|
||||
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
|
||||
helm repo add "${REPO_NAME}" "${REPO_URL}"
|
||||
|
||||
fi
|
||||
|
||||
done || true
|
||||
done
|
||||
|
||||
if helm repo list > /dev/null 2>&1; then
|
||||
echo ""
|
||||
echo ">> Update repository cache ..."
|
||||
helm repo update
|
||||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
- name: Remove Changed Manifest Files
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
echo ">> Remove manifest files and rebuild from source ..."
|
||||
echo ""
|
||||
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
CHART_PATH="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}"
|
||||
|
||||
echo "${CHART_PATH}"
|
||||
rm -rf "${CHART_PATH}"/*
|
||||
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
- name: Render Helm Manifests
|
||||
id: render-manifests
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd "${MAIN_DIR}"
|
||||
|
||||
echo ">> Rendering Manifests ..."
|
||||
|
||||
render_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
|
||||
local CHART_NAME=$(basename "${CHART_PATH}")
|
||||
|
||||
echo ""
|
||||
echo ">> Rendering chart: ${CHART_NAME}"
|
||||
|
||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
|
||||
|
||||
mkdir -p "${OUTPUT_FOLDER}"
|
||||
cd "${CHART_PATH}"
|
||||
|
||||
helm dependency update --skip-refresh > /dev/null
|
||||
helm lint --namespace "${CHART_NAME}" --quiet
|
||||
|
||||
local NAMESPACE="${CHART_NAME}"
|
||||
case "${CHART_NAME}" in
|
||||
"stack")
|
||||
NAMESPACE="argocd"
|
||||
echo ">> Special Rendering into 'argocd' namespace ..."
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
|
||||
NAMESPACE="kube-system"
|
||||
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
|
||||
;;
|
||||
*)
|
||||
echo ">> Standard Rendering ..."
|
||||
esac
|
||||
|
||||
echo ">> Formating rendered template ..."
|
||||
local TEMPLATE
|
||||
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
|
||||
# Format and split rendered template
|
||||
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
|
||||
# Strip comments again to ensure formatting correctness
|
||||
for file in "$OUTPUT_FOLDER"/*; do
|
||||
yq -i '... comments=""' $file
|
||||
|
||||
done
|
||||
|
||||
echo ">> Manifests for ${CHART_NAME} rendered successfully to $OUTPUT_FOLDER:"
|
||||
echo ""
|
||||
ls $OUTPUT_FOLDER
|
||||
echo ""
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
export -f render_chart
|
||||
export MAIN_DIR CLUSTER MANIFEST_DIR
|
||||
|
||||
# Run rendering in parallel
|
||||
for DIR in ${RENDER_DIR}; do
|
||||
echo "${DIR}"
|
||||
|
||||
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
- name: Check for Changes
|
||||
id: check-changes
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
GIT_CHANGES=$(git status --porcelain)
|
||||
|
||||
if [ -n "${GIT_CHANGES}" ]; then
|
||||
echo ">> Changes detected"
|
||||
git status --porcelain
|
||||
|
||||
CHANGED_CHARTS=$(echo "$GIT_CHANGES" | grep -oE "clusters/${CLUSTER}/manifests/[^/]+" | awk -F '/' '{print $4}' | sort -u | paste -sd ',' -)
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "changes-detected=true" >> "$GITHUB_OUTPUT"
|
||||
echo "changed-charts-csv=${CHANGED_CHARTS}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
else
|
||||
echo ">> No changes detected, skipping PR creation"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
fi
|
||||
|
||||
- name: Commit and Push Changes
|
||||
id: commit-push
|
||||
if: steps.check-changes.outputs.changes-detected == 'true'
|
||||
env:
|
||||
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.branch-name }}
|
||||
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
MSG="chore: Update manifests after change"
|
||||
|
||||
if [[ "$IS_AUTOMERGE" == "true" ]]; then
|
||||
MSG="chore: Update manifests after automerge"
|
||||
|
||||
fi
|
||||
|
||||
echo ">> Commiting changes to ${BRANCH_NAME} ..."
|
||||
git add .
|
||||
git commit -m "${MSG}"
|
||||
|
||||
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
|
||||
|
||||
echo ""
|
||||
echo ">> Pushing changes to ${REPO_URL} ..."
|
||||
|
||||
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "push=true" >> "$GITHUB_OUTPUT"
|
||||
echo "head-branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Check for Pull Request
|
||||
id: check-for-pull-request
|
||||
if: steps.commit-push.outputs.push == 'true' && steps.mode.outputs.is-automerge == 'false'
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
|
||||
GITEA_URL: ${{ secrets.REPO_URL }}
|
||||
HEAD_BRANCH: ${{ steps.commit-push.outputs.head-branch }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
|
||||
|
||||
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
|
||||
echo ">> With Endpoint of:"
|
||||
echo "$API_ENDPOINT"
|
||||
|
||||
HTTP_STATUS=$(curl -X GET -s -w '%{http_code}' -o response_body.json -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
|
||||
|
||||
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
|
||||
echo ""
|
||||
echo ">> Pull Request has been found open, will update"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "pull-request-exists=$(cat response_body.json | jq -r .[0].number)" >> "$GITHUB_OUTPUT"
|
||||
echo "pull-request-url=$(cat response_body.json | jq -r .[0].html_url)" >> "$GITHUB_OUTPUT"
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Pull Request not found"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "pull-request-exists=false" >> "$GITHUB_OUTPUT"
|
||||
|
||||
fi
|
||||
|
||||
- name: Create Pull Request
|
||||
id: create-pull-request
|
||||
if: steps.commit-push.outputs.push == 'true' && (steps.mode.outputs.is-automerge == 'true' || steps.check-for-pull-request.outputs.pull-request-exists == 'false')
|
||||
env:
|
||||
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
|
||||
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
|
||||
GITEA_URL: ${{ secrets.REPO_URL }}
|
||||
HEAD_BRANCH: ${{ steps.commit-push.outputs.head-branch }}
|
||||
CHARTS: ${{ steps.check-changes.outputs.changed-charts-csv }}
|
||||
EVENT_NAME: ${{ github.event_name }}
|
||||
ACTOR: ${{ github.actor }}
|
||||
SHA: ${{ github.sha }}
|
||||
REF: ${{ github.ref_name }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
|
||||
|
||||
BODY=$(printf "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.\n\n### Details\n- **Trigger**: \`%s\` by \`@%s\`\n- **Commit**: \`%s\` (on \`%s\`)\n- **Charts Updated**: \`%s\`" "${EVENT_NAME}" "${ACTOR}" "${SHA:0:7}" "${REF}" "${CHARTS}")
|
||||
|
||||
if [[ "$IS_AUTOMERGE" == "true" ]]; then
|
||||
TITLE="Automated Manifest Update - Automerge"
|
||||
BODY=$(printf "%s\n\n_This PR is expected to be automerged._" "${BODY}")
|
||||
|
||||
else
|
||||
TITLE="Automated Manifest Update"
|
||||
|
||||
fi
|
||||
|
||||
PAYLOAD=$(jq -n --arg head "${HEAD_BRANCH}" --arg base "${BASE_BRANCH}" --arg assignee "${ASSIGNEE}" --arg title "${TITLE}" --arg body "${BODY}" '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}')
|
||||
|
||||
HTTP_STATUS=$(curl -X POST -s -w '%{http_code}' -o response_body.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
|
||||
|
||||
if [ "$HTTP_STATUS" == "201" ]; then
|
||||
echo ">> Pull Request created successfully!"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "pull-request-url=$(jq -r .html_url response_body.json)" >> "$GITHUB_OUTPUT"
|
||||
echo "pull-request-id=$(jq -r .id response_body.json)" >> "$GITHUB_OUTPUT"
|
||||
echo "pull-request-number=$(jq -r .number response_body.json)" >> "$GITHUB_OUTPUT"
|
||||
echo "pull-request-operation=created" >> "$GITHUB_OUTPUT"
|
||||
|
||||
elif [[ "$HTTP_STATUS" == "422" || "$HTTP_STATUS" == "409" ]]; then
|
||||
echo ""
|
||||
echo ">> Failed to create PR (Already exists)"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
else
|
||||
echo ""
|
||||
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
exit 1
|
||||
|
||||
fi
|
||||
|
||||
- name: Update Pull Request
|
||||
id: update-pull-request
|
||||
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
|
||||
GITEA_URL: ${{ secrets.REPO_URL }}
|
||||
PR_NUMBER: ${{ steps.check-for-pull-request.outputs.pull-request-exists }}
|
||||
CHARTS: ${{ steps.check-changes.outputs.changed-charts-csv }}
|
||||
EVENT_NAME: ${{ github.event_name }}
|
||||
ACTOR: ${{ github.actor }}
|
||||
SHA: ${{ github.sha }}
|
||||
REF: ${{ github.ref_name }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}"
|
||||
|
||||
EXISTING_BODY=$(jq -r '.[0].body' response_body.json)
|
||||
|
||||
NEW_DETAILS=$(printf "### Update Details (%s)\n- **Trigger**: \`%s\` by \`@%s\`\n- **Commit**: \`%s\` (on \`%s\`)\n- **Charts Updated**: \`%s\`" "$(date -u +'%Y-%m-%d %H:%M UTC')" "${EVENT_NAME}" "${ACTOR}" "${SHA:0:7}" "${REF}" "${CHARTS}")
|
||||
|
||||
UPDATED_BODY=$(printf "%s\n\n%s" "${EXISTING_BODY}" "${NEW_DETAILS}")
|
||||
|
||||
PAYLOAD=$(jq -n --arg body "${UPDATED_BODY}" '{body: $body}')
|
||||
|
||||
HTTP_STATUS=$(curl -X PATCH -s -w '%{http_code}' -o update_response.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
|
||||
|
||||
if [ "$HTTP_STATUS" == "201" ] || [ "$HTTP_STATUS" == "200" ]; then
|
||||
echo ">> Pull Request updated successfully!"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "pull-request-operation=updated" >> "$GITHUB_OUTPUT"
|
||||
|
||||
else
|
||||
echo ">> Failed to update PR, HTTP status code: $HTTP_STATUS"; exit 1
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
fi
|
||||
|
||||
- name: Merge Changes
|
||||
id: merge-changes
|
||||
if: steps.commit-push.outputs.push == 'true' && steps.mode.outputs.is-automerge == 'true'
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
|
||||
GITEA_URL: ${{ secrets.REPO_URL }}
|
||||
PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}/merge"
|
||||
|
||||
PAYLOAD=$(jq -n --arg Do "merge" '{Do: $Do}')
|
||||
|
||||
HTTP_STATUS=$(curl -X POST -s -w '%{http_code}' -o response_body.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
|
||||
|
||||
if [ "$HTTP_STATUS" == "200" ]; then
|
||||
echo ">> Pull Request merged successfully!"
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
echo "pull-request-operation=merged" >> "$GITHUB_OUTPUT"
|
||||
|
||||
else
|
||||
echo ">> Failed to merge PR, HTTP status code: $HTTP_STATUS"; exit 1
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
fi
|
||||
|
||||
- name: Cleanup Branch
|
||||
if: failure() && steps.mode.outputs.is-automerge == 'true'
|
||||
env:
|
||||
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.branch-name }}
|
||||
run: |
|
||||
cd "${MANIFEST_DIR}"
|
||||
|
||||
echo ">> Removing branch: ${BRANCH_NAME}"
|
||||
git push origin --delete "${BRANCH_NAME}" || true
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
- name: ntfy Created
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
|
||||
with:
|
||||
url: "${{ secrets.NTFY_URL }}"
|
||||
topic: "${{ secrets.NTFY_TOPIC }}"
|
||||
title: "Manifest Render - Open PR"
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: "Created renderd manifests for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
|
||||
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
|
||||
|
||||
- name: ntfy Updated
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
|
||||
with:
|
||||
url: "${{ secrets.NTFY_URL }}"
|
||||
topic: "${{ secrets.NTFY_TOPIC }}"
|
||||
title: "Manifest Render - PR Updated"
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: "Updated rendered manifests PR for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
|
||||
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.check-for-pull-request.outputs.pull-request-url }}", "clear": true}]'
|
||||
|
||||
- name: ntfy Merged
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: steps.merge-changes.outputs.pull-request-operation == 'merged'
|
||||
with:
|
||||
url: "${{ secrets.NTFY_URL }}"
|
||||
topic: "${{ secrets.NTFY_TOPIC }}"
|
||||
title: "Manifest Render - Automerged"
|
||||
priority: 3
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,successfully,completed
|
||||
details: "Automerged manifest rendering for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
|
||||
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
|
||||
|
||||
- name: ntfy Failed
|
||||
uses: niniyas/ntfy-action@master
|
||||
if: failure()
|
||||
with:
|
||||
url: "${{ secrets.NTFY_URL }}"
|
||||
topic: "${{ secrets.NTFY_TOPIC }}"
|
||||
title: "Manifest Render Failure"
|
||||
priority: 4
|
||||
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
|
||||
tags: action,failed
|
||||
details: "Manifest rendering for Infrastructure has failed!"
|
||||
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
|
||||
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
|
||||
image: true
|
||||
@@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43
|
||||
container: ghcr.io/renovatebot/renovate:42
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
|
||||
generated: "2026-03-06T01:04:41.514235218Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:ff3e2f03e93cdd4593e28b9c8bd5b9ddb25548a20a070b2e202057f216207d03
|
||||
generated: "2026-01-16T18:44:37.399172263Z"
|
||||
|
||||
@@ -19,8 +19,8 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
|
||||
# renovate: datasource=github-releases depName=actualbudget/actual
|
||||
appVersion: 26.3.0
|
||||
# renovate: github=actualbudget/actual
|
||||
appVersion: 25.12.0
|
||||
|
||||
@@ -9,7 +9,7 @@ actual:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/actualbudget/actual
|
||||
tag: 26.3.0
|
||||
tag: 26.1.0
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -81,8 +81,7 @@ volsync-target-data:
|
||||
enabled: true
|
||||
schedule: 0 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 0 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 0 10 * * *
|
||||
schedule: 0 9 * * *
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
dependencies:
|
||||
- name: argo-workflows
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 1.0.2
|
||||
version: 0.47.0
|
||||
- name: argo-events
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 2.4.20
|
||||
version: 2.4.19
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.9.1
|
||||
digest: sha256:31596af063744c13afac459184cd027d922d927f4191446eef63646bada28f8f
|
||||
generated: "2026-03-14T21:07:58.491981-05:00"
|
||||
version: 7.4.5
|
||||
digest: sha256:c36845d5688e28e6f6c6b6f2e17b40514f2adb937f2c6077deadfec9e6b294fe
|
||||
generated: "2026-01-14T21:30:10.440164554Z"
|
||||
|
||||
@@ -18,15 +18,15 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: argo-workflows
|
||||
version: 1.0.2
|
||||
version: 0.47.0
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
- name: argo-events
|
||||
version: 2.4.20
|
||||
version: 2.4.19
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.9.1
|
||||
version: 7.4.5
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
# renovate: datasource=github-releases depName=argoproj/argo-workflows
|
||||
appVersion: v4.0.2
|
||||
# renovate: github=argoproj/argo-workflows
|
||||
appVersion: v3.7.6
|
||||
|
||||
@@ -1,14 +1,4 @@
|
||||
argo-workflows:
|
||||
crds:
|
||||
install: true
|
||||
keep: true
|
||||
# -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
|
||||
# Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
|
||||
full: true
|
||||
upgradeJob:
|
||||
image:
|
||||
repository: registry.k8s.io/kubectl
|
||||
tag: v1.35.2
|
||||
controller:
|
||||
metricsConfig:
|
||||
enabled: true
|
||||
@@ -115,7 +105,7 @@ postgres-18-cluster:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 0 14 * * *"
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 9.4.10
|
||||
digest: sha256:795aad956acef3f5efb8160390caf9b9792b7b4150d3a7984f1c5edbad92dfaa
|
||||
generated: "2026-03-10T18:58:35.720448421Z"
|
||||
version: 9.3.4
|
||||
digest: sha256:006518c10fc1636a5b0398de90d4a7687ae6c0bf4626c41d11b2bc3ad48ff416
|
||||
generated: "2026-01-14T23:02:04.617990687Z"
|
||||
|
||||
@@ -15,8 +15,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
version: 9.4.10
|
||||
version: 9.3.4
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
# renovate: datasource=github-releases depName=argoproj/argo-cd
|
||||
appVersion: v3.3.3
|
||||
# renovate: github=argoproj/argo-cd
|
||||
appVersion: v3.2.1
|
||||
|
||||
@@ -4,7 +4,6 @@ argo-cd:
|
||||
configs:
|
||||
cm:
|
||||
admin.enabled: true
|
||||
accounts.homepage: apiKey
|
||||
timeout.reconciliation: 100s
|
||||
timeout.reconciliation.jitter: 60s
|
||||
url: https://argocd.alexlebens.net
|
||||
@@ -30,7 +29,6 @@ argo-cd:
|
||||
rbac:
|
||||
policy.csv: |
|
||||
g, ArgoCD Admins, role:admin
|
||||
g, homepage, role:readonly
|
||||
controller:
|
||||
replicas: 1
|
||||
metrics:
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:7ee4cfdf7f908401c39b3cda0cf8783b25dcb9cf93e7c911609bab9e303ec5bf
|
||||
generated: "2026-03-06T01:05:03.534042627Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:c8a988258b26187972a8b69767bf5df502d7e2b12710eb357ac15240d872fd37
|
||||
generated: "2026-01-16T18:44:48.982249243Z"
|
||||
|
||||
@@ -21,12 +21,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-metadata
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
|
||||
appVersion: 2.33.0
|
||||
# renovate: github=advplyr/audiobookshelf
|
||||
appVersion: 2.31.0
|
||||
|
||||
@@ -1,52 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
name: audiobookshelf-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/name: audiobookshelf-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: audiobookshelf-books-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: audiobookshelf-audiobooks-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: audiobookshelf-podcasts-nfs-storage
|
||||
volumeName: audiobookshelf-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
name: audiobookshelf-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/name: audiobookshelf-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -15,57 +15,7 @@ spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
path: /volume2/Storage/Books
|
||||
server: synologybond.alexlebens.net
|
||||
mountOptions:
|
||||
- vers=4
|
||||
- minorversion=1
|
||||
- noac
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
path: /volume2/Storage/Audiobooks
|
||||
server: synologybond.alexlebens.net
|
||||
mountOptions:
|
||||
- vers=4
|
||||
- minorversion=1
|
||||
- noac
|
||||
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
path: /volume2/Storage/Podcasts
|
||||
path: /volume2/Storage
|
||||
server: synologybond.alexlebens.net
|
||||
mountOptions:
|
||||
- vers=4
|
||||
|
||||
@@ -9,7 +9,7 @@ audiobookshelf:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/advplyr/audiobookshelf
|
||||
tag: 2.33.0
|
||||
tag: 2.32.1
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -21,7 +21,7 @@ audiobookshelf:
|
||||
apprise-api:
|
||||
image:
|
||||
repository: caronc/apprise
|
||||
tag: v1.3.2
|
||||
tag: 1.3.0
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -114,26 +114,12 @@ audiobookshelf:
|
||||
main:
|
||||
- path: /metadata
|
||||
readOnly: false
|
||||
books:
|
||||
existingClaim: audiobookshelf-books-nfs-storage
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /mnt/store/Books
|
||||
readOnly: false
|
||||
audiobooks:
|
||||
existingClaim: audiobookshelf-audiobooks-nfs-storage
|
||||
existingClaim: audiobookshelf-nfs-storage
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /mnt/store/Audiobooks
|
||||
readOnly: false
|
||||
podcasts:
|
||||
existingClaim: audiobookshelf-podcasts-nfs-storage
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /mnt/store/Podcasts
|
||||
- path: /mnt/store/
|
||||
readOnly: false
|
||||
volsync-target-config:
|
||||
pvcTarget: audiobookshelf-config
|
||||
@@ -141,19 +127,17 @@ volsync-target-config:
|
||||
enabled: true
|
||||
schedule: 2 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 2 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 2 10 * * *
|
||||
schedule: 2 9 * * *
|
||||
volsync-target-metadata:
|
||||
pvcTarget: audiobookshelf-metadata
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 4 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 4 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 4 10 * * *
|
||||
schedule: 4 9 * * *
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
dependencies:
|
||||
- name: authentik
|
||||
repository: https://charts.goauthentik.io/
|
||||
version: 2026.2.1
|
||||
version: 2025.12.1
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.4.0
|
||||
version: 2.1.6
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.9.1
|
||||
- name: valkey
|
||||
version: 7.4.5
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.0
|
||||
digest: sha256:abb34b7bb54393236e695453aa1940497cb4def3d3a56a45ca004a22f8e05648
|
||||
generated: "2026-03-11T22:55:49.936164674Z"
|
||||
version: 1.0.1
|
||||
digest: sha256:a473d3cc3e54c917f3d14c96f3de72e81940c82b3fbe6ce316e4d28a7bdcc56d
|
||||
generated: "2026-01-16T18:05:21.607549312Z"
|
||||
|
||||
@@ -21,19 +21,18 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: authentik
|
||||
version: 2026.2.1
|
||||
version: 2025.12.1
|
||||
repository: https://charts.goauthentik.io/
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.4.0
|
||||
version: 2.1.6
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.9.1
|
||||
version: 7.4.5
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.4.0
|
||||
- name: redis-replication
|
||||
version: 1.0.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
|
||||
# renovate: datasource=github-releases depName=goauthentik/authentik
|
||||
# renovate: github=goauthentik/authentik
|
||||
appVersion: 2025.10.2
|
||||
|
||||
@@ -1,39 +0,0 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1beta1
|
||||
kind: ReferenceGrant
|
||||
metadata:
|
||||
name: allow-outpost-cross-namespace-access
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: allow-outpost-cross-namespace-access
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
from:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
namespace: lidarr
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
namespace: radarr
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
namespace: radarr-4k
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
namespace: radarr-anime
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
namespace: radarr-standup
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
namespace: sonarr
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
namespace: sonarr-4k
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: HTTPRoute
|
||||
namespace: sonarr-anime
|
||||
to:
|
||||
- group: ""
|
||||
kind: Service
|
||||
name: ak-outpost-traefik-proxy-auth
|
||||
@@ -28,7 +28,7 @@ authentik:
|
||||
key: password
|
||||
authentik:
|
||||
redis:
|
||||
host: authentik-valkey
|
||||
host: redis-replication-authentik-master
|
||||
server:
|
||||
name: server
|
||||
replicas: 1
|
||||
@@ -68,11 +68,11 @@ postgres-18-cluster:
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
index: 2
|
||||
index: 1
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
index: 2
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
isWALArchiver: true
|
||||
@@ -93,7 +93,7 @@ postgres-18-cluster:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 5 14 * * *"
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
@@ -105,3 +105,10 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
redis-replication:
|
||||
existingSecret:
|
||||
enabled: false
|
||||
redisReplication:
|
||||
clusterSize: 3
|
||||
sentinel:
|
||||
enabled: true
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:f203538010828e77336f3cf39451a1072c90aeb8ece7c173a3476c49883b46d1
|
||||
generated: "2026-03-06T01:05:24.935421139Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:18365b7dd3995703aad6928ce22dd1c3b8ffd5f1cccf54b8f1489ad111d13104
|
||||
generated: "2026-01-16T18:45:00.087995513Z"
|
||||
|
||||
@@ -19,12 +19,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
|
||||
# renovate: datasource=github-releases depName=garethgeorge/backrest
|
||||
appVersion: v1.12.1
|
||||
# renovate: github=garethgeorge/backrest
|
||||
appVersion: v1.10.1
|
||||
|
||||
@@ -8,7 +8,7 @@ backrest:
|
||||
main:
|
||||
image:
|
||||
repository: garethgeorge/backrest
|
||||
tag: v1.12.1
|
||||
tag: v1.11.1
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -111,19 +111,17 @@ volsync-target-data:
|
||||
enabled: true
|
||||
schedule: 6 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 6 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 6 10 * * *
|
||||
schedule: 6 9 * * *
|
||||
volsync-target-config:
|
||||
pvcTarget: backrest-config
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 8 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 8 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 8 10 * * *
|
||||
schedule: 8 9 * * *
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:ce88e4cd451613c9dbc25d285700970789ff678452ef277f3c8465dbf6157f1f
|
||||
generated: "2026-03-06T01:05:44.405374459Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:77d0e82601292b4173d355d18c0de82bb37684a3dc29d7c8af4169308f14de48
|
||||
generated: "2026-01-16T18:45:10.855338471Z"
|
||||
|
||||
@@ -21,8 +21,8 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
|
||||
# renovate: datasource=github-releases depName=morpheus65535/bazarr
|
||||
appVersion: 1.5.6
|
||||
# renovate: github=linuxserver/bazarr
|
||||
appVersion: 1.5.3
|
||||
|
||||
@@ -15,7 +15,7 @@ bazarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/bazarr
|
||||
tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
|
||||
tag: 1.5.4@sha256:7d0a091a63889ce1e4ac4c90595ebd2c50ba5a5df7039a4f4d2be6c2aed6d4ae
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -87,8 +87,7 @@ volsync-target-config:
|
||||
enabled: true
|
||||
schedule: 10 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 10 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 10 10 * * *
|
||||
schedule: 10 9 * * *
|
||||
|
||||
@@ -2,8 +2,8 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: valkey
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.0
|
||||
digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859
|
||||
generated: "2026-03-09T23:06:16.853255429Z"
|
||||
version: 1.0.1
|
||||
digest: sha256:f3cc9b85524eb1a0c8aec92a87ad4dd1f2f59c5bb3474b569ce188827e40b3d0
|
||||
generated: "2026-01-16T18:45:21.852495393Z"
|
||||
|
||||
@@ -17,10 +17,9 @@ dependencies:
|
||||
alias: blocky
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.4.0
|
||||
- name: redis-replication
|
||||
version: 1.0.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
|
||||
# renovate: datasource=github-releases depName=0xerr0r/blocky
|
||||
appVersion: v0.29.0
|
||||
# renovate: github=0xerr0r/blocky
|
||||
appVersion: v0.28.2
|
||||
|
||||
@@ -9,7 +9,7 @@ blocky:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/0xerr0r/blocky
|
||||
tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
|
||||
tag: v0.28.2@sha256:5f84a54e4ee950c4ab21db905b7497476ece2f4e1a376d23ab8c4855cabddcba
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -100,7 +100,6 @@ blocky:
|
||||
blocky IN A 10.232.1.22
|
||||
cilium-cl01tl IN A 10.232.1.23
|
||||
|
||||
|
||||
;; Application Names
|
||||
actual IN CNAME traefik-cl01tl
|
||||
alertmanager IN CNAME traefik-cl01tl
|
||||
@@ -113,10 +112,9 @@ blocky:
|
||||
booklore IN CNAME traefik-cl01tl
|
||||
ceph IN CNAME traefik-cl01tl
|
||||
code-server IN CNAME traefik-cl01tl
|
||||
dawarich IN CNAME traefik-cl01tl
|
||||
directus IN CNAME traefik-cl01tl
|
||||
excalidraw IN CNAME traefik-cl01tl
|
||||
ephemera IN CNAME traefik-cl01tl
|
||||
feishin IN CNAME traefik-cl01tl
|
||||
fladder IN CNAME traefik-cl01tl
|
||||
garage-s3 IN CNAME traefik-cl01tl
|
||||
garage-webui IN CNAME traefik-cl01tl
|
||||
gatus IN CNAME traefik-cl01tl
|
||||
@@ -128,20 +126,22 @@ blocky:
|
||||
home-assistant IN CNAME traefik-cl01tl
|
||||
home-assistant-code-server IN CNAME traefik-cl01tl
|
||||
hubble IN CNAME traefik-cl01tl
|
||||
huntarr IN CNAME traefik-cl01tl
|
||||
immich IN CNAME traefik-cl01tl
|
||||
jellyfin IN CNAME traefik-cl01tl
|
||||
jellystat IN CNAME traefik-cl01tl
|
||||
kiwix IN CNAME traefik-cl01tl
|
||||
komodo IN CNAME traefik-cl01tl
|
||||
lidarr IN CNAME traefik-cl01tl
|
||||
lidatube IN CNAME traefik-cl01tl
|
||||
listenarr IN CNAME traefik-cl01tl
|
||||
mail IN CNAME traefik-cl01tl
|
||||
movie-roulette IN CNAME traefik-cl01tl
|
||||
music-grabber IN CNAME traefik-cl01tl
|
||||
navidrome IN CNAME traefik-cl01tl
|
||||
ntfy IN CNAME traefik-cl01tl
|
||||
objects IN CNAME traefik-cl01tl
|
||||
ollama IN CNAME traefik-cl01tl
|
||||
omni-tools IN CNAME traefik-cl01tl
|
||||
overseerr IN CNAME traefik-cl01tl
|
||||
photoview IN CNAME traefik-cl01tl
|
||||
plex IN CNAME traefik-cl01tl
|
||||
postiz IN CNAME traefik-cl01tl
|
||||
@@ -161,12 +161,13 @@ blocky:
|
||||
sonarr-4k IN CNAME traefik-cl01tl
|
||||
sonarr-anime IN CNAME traefik-cl01tl
|
||||
stalwart IN CNAME traefik-cl01tl
|
||||
tautulli IN CNAME traefik-cl01tl
|
||||
tdarr IN CNAME traefik-cl01tl
|
||||
tubearchivist IN CNAME traefik-cl01tl
|
||||
vault IN CNAME traefik-cl01tl
|
||||
whodb IN CNAME traefik-cl01tl
|
||||
yamtrack IN CNAME traefik-cl01tl
|
||||
yubal IN CNAME traefik-cl01tl
|
||||
yubal-playlist IN CNAME traefik-cl01tl
|
||||
|
||||
blocking:
|
||||
denylists:
|
||||
@@ -193,42 +194,36 @@ blocky:
|
||||
*.alexlebens.dev
|
||||
*.boreal-beaufort.ts.net
|
||||
*.discord.com
|
||||
cdn.trackjs.com
|
||||
ads:
|
||||
- |
|
||||
*.alexlebens.net
|
||||
*.alexlebens.dev
|
||||
*.boreal-beaufort.ts.net
|
||||
*.discord.com
|
||||
cdn.trackjs.com
|
||||
priv:
|
||||
- |
|
||||
*.alexlebens.net
|
||||
*.alexlebens.dev
|
||||
*.boreal-beaufort.ts.net
|
||||
*.discord.com
|
||||
cdn.trackjs.com
|
||||
mal:
|
||||
- |
|
||||
*.alexlebens.net
|
||||
*.alexlebens.dev
|
||||
*.boreal-beaufort.ts.net
|
||||
*.discord.com
|
||||
cdn.trackjs.com
|
||||
pro:
|
||||
- |
|
||||
*.alexlebens.net
|
||||
*.alexlebens.dev
|
||||
*.boreal-beaufort.ts.net
|
||||
*.discord.com
|
||||
cdn.trackjs.com
|
||||
oisd:
|
||||
- |
|
||||
*.alexlebens.net
|
||||
*.alexlebens.dev
|
||||
*.boreal-beaufort.ts.net
|
||||
*.discord.com
|
||||
cdn.trackjs.com
|
||||
clientGroupsBlock:
|
||||
default:
|
||||
- sus
|
||||
@@ -260,7 +255,7 @@ blocky:
|
||||
cacheTimeNegative: 30m
|
||||
|
||||
redis:
|
||||
address: blocky-valkey.blocky:6379
|
||||
address: redis-replication-blocky-master.blocky:6379
|
||||
required: true
|
||||
|
||||
prometheus:
|
||||
@@ -333,3 +328,6 @@ blocky:
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: config.yml
|
||||
redis-replication:
|
||||
redisReplication:
|
||||
clusterSize: 1
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: mariadb-cluster
|
||||
repository: https://helm.mariadb.com/mariadb-operator
|
||||
version: 26.3.0
|
||||
version: 25.10.4
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5
|
||||
generated: "2026-03-14T23:57:22.721295098Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:81601af110374e1571481873ace19f7bc694edb917ef35c1fbc623efe147a66d
|
||||
generated: "2026-01-16T18:45:33.641059484Z"
|
||||
|
||||
@@ -18,16 +18,16 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: mariadb-cluster
|
||||
version: 26.3.0
|
||||
version: 25.10.4
|
||||
repository: https://helm.mariadb.com/mariadb-operator
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
|
||||
# renovate: datasource=github-releases depName=booklore-app/BookLore
|
||||
appVersion: v2.2.1
|
||||
# renovate: github=booklore-app/BookLore
|
||||
appVersion: v1.13.2
|
||||
|
||||
@@ -0,0 +1,15 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationDestination
|
||||
metadata:
|
||||
name: booklore-data-replication-destination
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: booklore-data-replication-destination
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
rsyncTLS:
|
||||
copyMethod: Direct
|
||||
accessModes: ["ReadWriteMany"]
|
||||
destinationPVC: booklore-books-nfs-storage
|
||||
keySecret: booklore-data-replication-secret
|
||||
@@ -0,0 +1,17 @@
|
||||
apiVersion: volsync.backube/v1alpha1
|
||||
kind: ReplicationSource
|
||||
metadata:
|
||||
name: booklore-data-replication-source
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: booklore-data-replication-source
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
sourcePVC: booklore-data
|
||||
trigger:
|
||||
schedule: "0 0 * * *"
|
||||
rsyncTLS:
|
||||
keySecret: booklore-data-replication-secret
|
||||
address: volsync-rsync-tls-dst-booklore-data-replication-destination
|
||||
copyMethod: Snapshot
|
||||
@@ -9,15 +9,11 @@ booklore:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/booklore-app/booklore
|
||||
tag: v2.2.1
|
||||
tag: v1.17.0
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
- name: USER_ID
|
||||
value: 1000
|
||||
- name: GROUP_ID
|
||||
value: 1000
|
||||
- name: DATABASE_URL
|
||||
value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
|
||||
- name: DATABASE_USERNAME
|
||||
@@ -225,11 +221,10 @@ volsync-target-config:
|
||||
enabled: true
|
||||
schedule: 12 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 12 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 12 10 * * *
|
||||
schedule: 12 9 * * *
|
||||
volsync-target-data:
|
||||
pvcTarget: booklore-data
|
||||
local:
|
||||
@@ -239,11 +234,11 @@ volsync-target-data:
|
||||
cacheCapacity: 10Gi
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 14 9 * * *
|
||||
schedule: 14 10 * * *
|
||||
restic:
|
||||
cacheCapacity: 10Gi
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 14 10 * * *
|
||||
schedule: 14 9 * * *
|
||||
restic:
|
||||
cacheCapacity: 10Gi
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: cert-manager
|
||||
repository: https://charts.jetstack.io
|
||||
version: v1.20.0
|
||||
digest: sha256:1543bd17649cb32982de3cce017fcbed1b44c41d50b76c6471b266f33e261c29
|
||||
generated: "2026-03-10T16:06:49.332999536Z"
|
||||
version: v1.19.2
|
||||
digest: sha256:b02bda9b9f2fc886af11d017a27a5761513defee603f9e3aa1d7add2749b925c
|
||||
generated: "2025-12-10T15:01:57.196895547Z"
|
||||
|
||||
@@ -14,8 +14,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: cert-manager
|
||||
version: v1.20.0
|
||||
version: v1.19.2
|
||||
repository: https://charts.jetstack.io
|
||||
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
|
||||
# renovate: datasource=github-releases depName=cert-manager/cert-manager
|
||||
appVersion: v1.20.0
|
||||
# renovate: github=cert-manager/cert-manager
|
||||
appVersion: v1.19.2
|
||||
|
||||
@@ -3,4 +3,4 @@ dependencies:
|
||||
repository: https://helm.cilium.io/
|
||||
version: 1.18.6
|
||||
digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
|
||||
generated: "2026-02-05T12:00:20.15778-06:00"
|
||||
generated: "2026-01-14T11:02:31.272963463Z"
|
||||
|
||||
@@ -18,5 +18,5 @@ dependencies:
|
||||
version: 1.18.6
|
||||
repository: https://helm.cilium.io/
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
|
||||
# renovate: datasource=github-releases depName=cilium/cilium
|
||||
appVersion: 1.19.1
|
||||
# renovate: github=cilium/cilium
|
||||
appVersion: 1.18.4
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# apiVersion: cilium.io/v2alpha1
|
||||
# kind: CiliumBGPAdvertisement
|
||||
# metadata:
|
||||
# name: cilium-bgp-advertisements
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# apiVersion: cilium.io/v2alpha1
|
||||
# kind: CiliumBGPClusterConfig
|
||||
# metadata:
|
||||
# name: cilium-bgp
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# apiVersion: cilium.io/v2alpha1
|
||||
# kind: CiliumBGPPeerConfig
|
||||
# metadata:
|
||||
# name: cilium-peer
|
||||
|
||||
@@ -0,0 +1,19 @@
|
||||
# apiVersion: "cilium.io/v2alpha1"
|
||||
# kind: CiliumL2AnnouncementPolicy
|
||||
# metadata:
|
||||
# name: general-l2-policy
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: general-l2-policy
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# nodeSelector:
|
||||
# matchExpressions:
|
||||
# - key: kubernetes.io/hostname
|
||||
# operator: Exists
|
||||
# interfaces:
|
||||
# - end0
|
||||
# - enp6s0
|
||||
# externalIPs: true
|
||||
# loadBalancerIPs: true
|
||||
@@ -1,4 +1,4 @@
|
||||
apiVersion: cilium.io/v2
|
||||
apiVersion: "cilium.io/v2alpha1"
|
||||
kind: CiliumLoadBalancerIPPool
|
||||
metadata:
|
||||
name: default-ip-pool
|
||||
@@ -11,9 +11,11 @@ spec:
|
||||
blocks:
|
||||
- start: "10.232.1.21"
|
||||
stop: "10.232.1.23"
|
||||
- start: "10.232.2.21"
|
||||
stop: "10.232.2.23"
|
||||
|
||||
---
|
||||
apiVersion: cilium.io/v2
|
||||
apiVersion: "cilium.io/v2alpha1"
|
||||
kind: CiliumLoadBalancerIPPool
|
||||
metadata:
|
||||
name: bgp-ip-pool
|
||||
|
||||
@@ -4,21 +4,25 @@
|
||||
# name: cilium-tls-gateway
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-tls-gateway
|
||||
# app.kubernetes.io/name: tls-gateway
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# annotations:
|
||||
# cert-manager.io/cluster-issuer: letsencrypt-issuer
|
||||
# spec:
|
||||
# addresses:
|
||||
# - type: IPAddress
|
||||
# value: 10.232.1.23
|
||||
# gatewayClassName: cilium
|
||||
# listeners:
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: '*.alexlebens.net'
|
||||
# name: http
|
||||
# port: 80
|
||||
# protocol: HTTP
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: '*.alexlebens.net'
|
||||
# name: https
|
||||
# port: 443
|
||||
# protocol: HTTPS
|
||||
@@ -29,17 +33,3 @@
|
||||
# name: https-gateway-cert
|
||||
# namespace: kube-system
|
||||
# mode: Terminate
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: 'alexlebens.net'
|
||||
# name: https-domain
|
||||
# port: 443
|
||||
# protocol: HTTPS
|
||||
# tls:
|
||||
# certificateRefs:
|
||||
# - group: ''
|
||||
# kind: Secret
|
||||
# name: https-gateway-cert
|
||||
# namespace: kube-system
|
||||
# mode: Terminate
|
||||
|
||||
@@ -35,9 +35,8 @@ cilium:
|
||||
enabled: true
|
||||
routerIDAllocation:
|
||||
mode: "default"
|
||||
bpf:
|
||||
hostLegacyRouting: true
|
||||
devices: end0 enp6s0
|
||||
enableK8sEndpointSlice: true
|
||||
ciliumEndpointSlice:
|
||||
enabled: true
|
||||
ingressController:
|
||||
@@ -46,8 +45,6 @@ cilium:
|
||||
enabled: true
|
||||
enableAlpn: true
|
||||
enableAppProtocol: true
|
||||
gatewayClass:
|
||||
create: auto
|
||||
externalIPs:
|
||||
enabled: true
|
||||
socketLB:
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: cloudnative-pg
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
version: 0.27.1
|
||||
version: 0.27.0
|
||||
- name: plugin-barman-cloud
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
version: 0.5.0
|
||||
digest: sha256:e7089ffd089cae87529e28f0e71302b9fc4a869b389cbb6628f1c559644a3a10
|
||||
generated: "2026-02-05T19:36:19.473447121Z"
|
||||
version: 0.4.0
|
||||
digest: sha256:5e2a32fa5ed8b180ae5e556d65c67eeb3dcf38e2974b0d668eff4ee3c83258ce
|
||||
generated: "2025-12-30T21:01:48.755246408Z"
|
||||
|
||||
@@ -16,11 +16,11 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: cloudnative-pg
|
||||
version: 0.27.1
|
||||
version: 0.27.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
- name: plugin-barman-cloud
|
||||
version: 0.5.0
|
||||
version: 0.4.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
|
||||
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
|
||||
appVersion: 1.28.1
|
||||
# renovate: github=cloudnative-pg/cloudnative-pg
|
||||
appVersion: 1.28.0
|
||||
|
||||
@@ -7,10 +7,10 @@ plugin-barman-cloud:
|
||||
image:
|
||||
registry: ghcr.io
|
||||
repository: cloudnative-pg/plugin-barman-cloud
|
||||
tag: v0.11.0
|
||||
tag: v0.10.0
|
||||
sidecarImage:
|
||||
registry: ghcr.io
|
||||
repository: cloudnative-pg/plugin-barman-cloud-sidecar
|
||||
tag: v0.11.0
|
||||
tag: v0.10.0
|
||||
crds:
|
||||
create: true
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.4.0
|
||||
version: 2.1.6
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6
|
||||
generated: "2026-03-09T22:04:00.58415637Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:c988504ea0627250cc060576beac292d3292b012cdcca615a4cbaaf5ee976f02
|
||||
generated: "2026-01-16T18:45:47.220901906Z"
|
||||
|
||||
@@ -22,11 +22,11 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.4.0
|
||||
version: 2.1.6
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-code-server
|
||||
appVersion: 4.108.1
|
||||
# renovate: github=coder/code-server
|
||||
appVersion: 4.106.3
|
||||
|
||||
@@ -9,7 +9,7 @@ code-server:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/code-server
|
||||
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
|
||||
tag: 4.108.0@sha256:982ef207e723fe04d001a9cfe58c545913c8271ae9fd4cb036fa004bfcc33631
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -79,8 +79,7 @@ volsync-target-config:
|
||||
enabled: true
|
||||
schedule: 16 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 16 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 16 10 * * *
|
||||
schedule: 16 9 * * *
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: coredns
|
||||
repository: https://coredns.github.io/helm
|
||||
version: 1.45.2
|
||||
digest: sha256:36ed42e4273536b6548426b4e0f51b0816d9e8fe52333bce4c61acd8ade607e8
|
||||
generated: "2026-01-24T08:01:31.043488615Z"
|
||||
version: 1.45.0
|
||||
digest: sha256:cfcb22a7d0bce4d6000800706597ae43faec74255f1deb5cc3279b2d0a81f6c6
|
||||
generated: "2025-12-02T17:17:52.206039-06:00"
|
||||
|
||||
@@ -7,7 +7,7 @@ keywords:
|
||||
- dns
|
||||
- network
|
||||
- kubernetes
|
||||
home: https://wiki.alexlebens.dev/s/
|
||||
home: https://wiki.alexlebens.dev/s/43947ec6-a034-449f-8c76-982ac493b072
|
||||
sources:
|
||||
- https://github.com/coredns/coredns
|
||||
- https://github.com/coredns/helm
|
||||
@@ -15,8 +15,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: coredns
|
||||
version: 1.45.2
|
||||
version: 1.45.0
|
||||
repository: https://coredns.github.io/helm
|
||||
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
|
||||
# renovate: datasource=github-releases depName=coredns/coredns
|
||||
appVersion: v1.14.2
|
||||
# renovate: github=coredns/coredns
|
||||
appVersion: v1.13.2
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
coredns:
|
||||
image:
|
||||
repository: registry.k8s.io/coredns/coredns
|
||||
tag: v1.14.2
|
||||
tag: v1.13.2
|
||||
replicaCount: 3
|
||||
resources:
|
||||
requests:
|
||||
|
||||
@@ -1,12 +0,0 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.9.1
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.0
|
||||
digest: sha256:9524709cf393c01f28b0d073ef6870a2f1afd46f3bc5f564e73c55450aba8dd0
|
||||
generated: "2026-03-11T22:56:11.749729235Z"
|
||||
@@ -1,29 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: dawarich
|
||||
version: 1.0.0
|
||||
description: Dawarich
|
||||
keywords:
|
||||
- dawarich
|
||||
- location
|
||||
home: https://wiki.alexlebens.dev/s/
|
||||
sources:
|
||||
- https://github.com/Freika/dawarich
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: app-template
|
||||
alias: dawarich
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.9.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.4.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
|
||||
# renovate: datasource=github-releases depName=Freika/dawarich
|
||||
appVersion: 1.3.3
|
||||
@@ -1,344 +0,0 @@
|
||||
dawarich:
|
||||
controllers:
|
||||
main:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
revisionHistoryLimit: 3
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: freikin/dawarich
|
||||
tag: 1.3.3
|
||||
pullPolicy: IfNotPresent
|
||||
command: ["web-entrypoint.sh"]
|
||||
args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
|
||||
env:
|
||||
- name: RAILS_ENV
|
||||
value: production
|
||||
- name: REDIS_URL
|
||||
value: redis://dawarich-valkey.dawarich:6379
|
||||
- name: DATABASE_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: host
|
||||
- name: DATABASE_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: port
|
||||
- name: DATABASE_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: user
|
||||
- name: DATABASE_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: password
|
||||
- name: DATABASE_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: dbname
|
||||
- name: APPLICATION_HOSTS
|
||||
value: dawarich.alexlebens.net,dawarich.dawarich,localhost,::1,127.0.0.1
|
||||
- name: TIME_ZONE
|
||||
value: America/Chicago
|
||||
- name: APPLICATION_PROTOCOL
|
||||
value: http
|
||||
- name: OIDC_ISSUER
|
||||
value: https://authentik.alexlebens.net/application/o/darwich/
|
||||
- name: OIDC_REDIRECT_URI
|
||||
value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-secret
|
||||
key: client
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-secret
|
||||
key: secret
|
||||
- name: OIDC_PROVIDER_NAME
|
||||
value: Authentik
|
||||
- name: OIDC_AUTO_REGISTER
|
||||
value: true
|
||||
- name: PROMETHEUS_EXPORTER_ENABLED
|
||||
value: true
|
||||
- name: PROMETHEUS_EXPORTER_HOST
|
||||
value: 0.0.0.0
|
||||
- name: PROMETHEUS_EXPORTER_PORT
|
||||
value: 9394
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key-secret
|
||||
key: key
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
- name: SELF_HOSTED
|
||||
value: true
|
||||
- name: STORE_GEODATA
|
||||
value: true
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
custom: true
|
||||
spec:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
sidekiq:
|
||||
image:
|
||||
repository: freikin/dawarich
|
||||
tag: 1.3.3
|
||||
pullPolicy: IfNotPresent
|
||||
command: ["sidekiq-entrypoint.sh"]
|
||||
args: ["sidekiq"]
|
||||
env:
|
||||
- name: RAILS_ENV
|
||||
value: production
|
||||
- name: REDIS_URL
|
||||
value: redis://dawarich-valkey.dawarich:6379
|
||||
- name: DATABASE_HOST
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: host
|
||||
- name: DATABASE_PORT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: port
|
||||
- name: DATABASE_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: user
|
||||
- name: DATABASE_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: password
|
||||
- name: DATABASE_NAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-postgresql-18-cluster-app
|
||||
key: dbname
|
||||
- name: APPLICATION_HOSTS
|
||||
value: dawarich.alexlebens.net,dawarich.dawarich,localhost,::1,127.0.0.1
|
||||
- name: TIME_ZONE
|
||||
value: America/Chicago
|
||||
- name: APPLICATION_PROTOCOL
|
||||
value: http
|
||||
- name: DISTANCE_UNIT
|
||||
value: mi
|
||||
- name: OIDC_ISSUER
|
||||
value: https://authentik.alexlebens.net/application/o/darwich/
|
||||
- name: OIDC_REDIRECT_URI
|
||||
value: https://dawarich.alexlebens.net/users/auth/openid_connect/callback
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-secret
|
||||
key: client
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-secret
|
||||
key: secret
|
||||
- name: OIDC_PROVIDER_NAME
|
||||
value: Authentik
|
||||
- name: OIDC_AUTO_REGISTER
|
||||
value: true
|
||||
- name: PROMETHEUS_EXPORTER_ENABLED
|
||||
value: true
|
||||
- name: PROMETHEUS_EXPORTER_HOST
|
||||
value: 0.0.0.0
|
||||
- name: PROMETHEUS_EXPORTER_PORT
|
||||
value: 9394
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key-secret
|
||||
key: key
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
- name: SELF_HOSTED
|
||||
value: true
|
||||
- name: STORE_GEODATA
|
||||
value: true
|
||||
probes:
|
||||
liveness:
|
||||
enabled: false
|
||||
custom: true
|
||||
spec:
|
||||
exec:
|
||||
command:
|
||||
- /bin/sh
|
||||
- -c
|
||||
- pgrep -f sidekiq
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 60
|
||||
periodSeconds: 10
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 10
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
ports:
|
||||
http:
|
||||
port: 80
|
||||
targetPort: 3000
|
||||
protocol: TCP
|
||||
metrics:
|
||||
port: 9394
|
||||
targetPort: 9394
|
||||
protocol: TCP
|
||||
serviceMonitor:
|
||||
main:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: dawarich
|
||||
app.kubernetes.io/instance: dawarich
|
||||
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
|
||||
endpoints:
|
||||
- port: metrics
|
||||
interval: 30s
|
||||
scrapeTimeout: 15s
|
||||
path: /metrics
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- dawarich.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ""
|
||||
kind: Service
|
||||
name: dawarich
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
storage:
|
||||
forceRename: dawarich-storage
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
retain: true
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /var/app/storage
|
||||
readOnly: false
|
||||
sidekiq:
|
||||
- path: /var/app/storage
|
||||
readOnly: false
|
||||
public:
|
||||
forceRename: dawarich-public
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
retain: true
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /var/app/public
|
||||
readOnly: false
|
||||
sidekiq:
|
||||
- path: /var/app/public
|
||||
readOnly: false
|
||||
watched:
|
||||
forceRename: dawarich-watched
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 1Gi
|
||||
retain: true
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /var/app/tmp/imports/watched
|
||||
readOnly: false
|
||||
sidekiq:
|
||||
- path: /var/app/tmp/imports/watched
|
||||
readOnly: false
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
image:
|
||||
repository: ghcr.io/cloudnative-pg/postgis
|
||||
tag: 18-3-system-trixie
|
||||
initdb:
|
||||
postInitTemplateSQL:
|
||||
- CREATE EXTENSION postgis;
|
||||
- CREATE EXTENSION postgis_topology;
|
||||
- CREATE EXTENSION fuzzystrmatch;
|
||||
- CREATE EXTENSION postgis_tiger_geocoder;
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
index: 1
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 10 14 * * *"
|
||||
backupName: garage-local
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
@@ -1,6 +0,0 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
digest: sha256:548ae1f8699100a2f6bac11a4a3137402b3eea340c7a3db4d9f1813ad6a11dca
|
||||
generated: "2026-02-23T22:08:42.516245-06:00"
|
||||
@@ -1,20 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: decluttarr
|
||||
version: 1.0.0
|
||||
description: decluttarr
|
||||
keywords:
|
||||
- decluttarr
|
||||
- servarr
|
||||
home: https://wiki.alexlebens.dev/s/
|
||||
sources:
|
||||
- https://github.com/ManiMatter/decluttarr
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: app-template
|
||||
alias: decluttarr
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
# renovate: datasource=github-releases depName=ManiMatter/decluttarr
|
||||
appVersion: v2.0.0
|
||||
@@ -1,32 +0,0 @@
|
||||
decluttarr:
|
||||
controllers:
|
||||
main:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
revisionHistoryLimit: 3
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/manimatter/decluttarr
|
||||
tag: v2.0.0
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
type: secret
|
||||
name: decluttarr-config-secret
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /app/config/config.yaml
|
||||
readOnly: true
|
||||
mountPropagation: None
|
||||
subPath: config.yaml
|
||||
@@ -17,5 +17,5 @@ dependencies:
|
||||
repository: https://democratic-csi.github.io/charts/
|
||||
version: 0.15.1
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
# renovate: datasource=github-releases depName=democratic-csi/democratic-csi
|
||||
# renovate: github=democratic-csi/democratic-csi
|
||||
appVersion: v1.9.4
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: descheduler
|
||||
repository: https://kubernetes-sigs.github.io/descheduler/
|
||||
version: 0.35.1
|
||||
digest: sha256:ed7cc8068b83ac483fda3a781227b35e12a34abdca214b5490e7036c89db1a95
|
||||
generated: "2026-03-09T21:21:45.788316167Z"
|
||||
version: 0.34.0
|
||||
digest: sha256:1020c1fc8c179744f308e9b79f010dcaf59a05019f7d007157974be97063e12b
|
||||
generated: "2025-12-01T20:25:26.970808-06:00"
|
||||
|
||||
@@ -14,8 +14,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: descheduler
|
||||
version: 0.35.1
|
||||
version: 0.34.0
|
||||
repository: https://kubernetes-sigs.github.io/descheduler/
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
# renovate: datasource=github-releases depName=kubernetes-sigs/descheduler
|
||||
appVersion: v0.35.1
|
||||
# renovate: github=kubernetes-sigs/descheduler
|
||||
appVersion: 0.34.0
|
||||
|
||||
@@ -2,11 +2,14 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.6
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.9.1
|
||||
- name: valkey
|
||||
version: 7.4.5
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.0
|
||||
digest: sha256:0b50b4938669a7210930d6ee86a9602611b54cd13774f3386dbad04b4771e7f4
|
||||
generated: "2026-03-11T22:56:26.818980186Z"
|
||||
version: 1.0.1
|
||||
digest: sha256:a6c475943e21a16f1978f93b944d952641d0a69aa42022d6ab91c1296d44c3f5
|
||||
generated: "2026-01-16T18:45:59.110701786Z"
|
||||
|
||||
@@ -21,14 +21,16 @@ dependencies:
|
||||
alias: directus
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.6
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.9.1
|
||||
version: 7.4.5
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.4.0
|
||||
- name: redis-replication
|
||||
version: 1.0.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
|
||||
# renovate: datasource=github-releases depName=directus/directus
|
||||
appVersion: 11.16.1
|
||||
# renovate: github=directus/directus
|
||||
appVersion: 11.14.0
|
||||
|
||||
@@ -98,10 +98,10 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-bucket-garage
|
||||
name: directus-redis-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-bucket-garage
|
||||
app.kubernetes.io/name: directus-redis-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -109,61 +109,17 @@ spec:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/directus-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/directus-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/directus-assets
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-valkey-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-valkey-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: default
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/directus/valkey
|
||||
metadataPolicy: None
|
||||
property: password
|
||||
- secretKey: user
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/directus/valkey
|
||||
key: /cl01tl/directus/redis
|
||||
metadataPolicy: None
|
||||
property: user
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/directus/valkey
|
||||
key: /cl01tl/directus/redis
|
||||
metadataPolicy: None
|
||||
property: password
|
||||
|
||||
@@ -0,0 +1,11 @@
|
||||
apiVersion: objectbucket.io/v1alpha1
|
||||
kind: ObjectBucketClaim
|
||||
metadata:
|
||||
name: ceph-bucket-directus
|
||||
labels:
|
||||
app.kubernetes.io/name: ceph-bucket-directus
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
generateBucketName: bucket-directus
|
||||
storageClassName: ceph-bucket
|
||||
@@ -9,11 +9,11 @@ directus:
|
||||
main:
|
||||
image:
|
||||
repository: directus/directus
|
||||
tag: 11.16.1
|
||||
tag: 11.14.1
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: PUBLIC_URL
|
||||
value: https://directus.alexlebens.net
|
||||
value: https://directus.alexlebens.dev
|
||||
- name: WEBSOCKETS_ENABLED
|
||||
value: true
|
||||
- name: ADMIN_EMAIL
|
||||
@@ -72,16 +72,16 @@ directus:
|
||||
- name: REDIS_ENABLED
|
||||
value: true
|
||||
- name: REDIS_HOST
|
||||
value: directus-valkey
|
||||
value: redis-replication-directus-master
|
||||
- name: REDIS_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-valkey-config
|
||||
name: directus-redis-config
|
||||
key: user
|
||||
- name: REDIS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-valkey-config
|
||||
name: directus-redis-config
|
||||
key: password
|
||||
- name: STORAGE_LOCATIONS
|
||||
value: s3
|
||||
@@ -90,22 +90,22 @@ directus:
|
||||
- name: STORAGE_S3_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-bucket-garage
|
||||
key: ACCESS_KEY_ID
|
||||
name: ceph-bucket-directus
|
||||
key: AWS_ACCESS_KEY_ID
|
||||
- name: STORAGE_S3_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-bucket-garage
|
||||
key: ACCESS_SECRET_KEY
|
||||
- name: STORAGE_S3_REGION
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-bucket-garage
|
||||
key: ACCESS_REGION
|
||||
name: ceph-bucket-directus
|
||||
key: AWS_SECRET_ACCESS_KEY
|
||||
- name: STORAGE_S3_BUCKET
|
||||
value: directus-assets
|
||||
valueFrom:
|
||||
configMapKeyRef:
|
||||
name: ceph-bucket-directus
|
||||
key: BUCKET_NAME
|
||||
- name: STORAGE_S3_REGION
|
||||
value: us-east-1
|
||||
- name: STORAGE_S3_ENDPOINT
|
||||
value: http://garage-main.garage:3900
|
||||
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
|
||||
- name: STORAGE_S3_FORCE_PATH_STYLE
|
||||
value: true
|
||||
- name: AUTH_PROVIDERS
|
||||
@@ -125,7 +125,7 @@ directus:
|
||||
- name: AUTH_AUTHENTIK_SCOPE
|
||||
value: openid profile email
|
||||
- name: AUTH_AUTHENTIK_ISSUER_URL
|
||||
value: https://authentik.alexlebens.net/application/o/directus/.well-known/openid-configuration
|
||||
value: https://auth.alexlebens.dev/application/o/directus/.well-known/openid-configuration
|
||||
- name: AUTH_AUTHENTIK_IDENTIFIER_KEY
|
||||
value: email
|
||||
- name: AUTH_AUTHENTIK_ALLOW_PUBLIC_REGISTRATION
|
||||
@@ -168,27 +168,6 @@ directus:
|
||||
bearerTokenSecret:
|
||||
name: directus-metric-token
|
||||
key: metric-token
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- directus.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: directus
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
recovery:
|
||||
@@ -219,7 +198,7 @@ postgres-18-cluster:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 15 14 * * *"
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
@@ -231,13 +210,12 @@ postgres-18-cluster:
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
valkey:
|
||||
valkey:
|
||||
auth:
|
||||
redis-replication:
|
||||
existingSecret:
|
||||
enabled: true
|
||||
name: directus-redis-config
|
||||
key: password
|
||||
redisReplication:
|
||||
clusterSize: 3
|
||||
sentinel:
|
||||
enabled: true
|
||||
usersExistingSecret: directus-valkey-config
|
||||
aclUsers:
|
||||
default:
|
||||
permissions: "~* &* +@all"
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: eck-operator
|
||||
repository: https://helm.elastic.co
|
||||
version: 3.3.1
|
||||
digest: sha256:8585f3ea3e4cafc4ff2969ea7e797017b7cfe4becb3385f0b080725908c02f09
|
||||
generated: "2026-02-25T18:48:55.77034549Z"
|
||||
version: 3.2.0
|
||||
digest: sha256:b27ba092ddfa078f763e409dd5db1144a269eff0f45af04f180d844f13466a34
|
||||
generated: "2025-12-01T20:25:30.722424-06:00"
|
||||
|
||||
@@ -15,8 +15,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: eck-operator
|
||||
version: 3.3.1
|
||||
version: 3.2.0
|
||||
repository: https://helm.elastic.co
|
||||
icon: https://helm.elastic.co/icons/eck.png
|
||||
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s
|
||||
appVersion: v3.3.1
|
||||
# renovate: github=elastic/cloud-on-k8s
|
||||
appVersion: v3.2.0
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: element-web
|
||||
repository: https://ananace.gitlab.io/charts
|
||||
version: 1.4.32
|
||||
version: 1.4.27
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.4.0
|
||||
digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
|
||||
generated: "2026-03-11T16:04:17.556777286Z"
|
||||
version: 2.1.6
|
||||
digest: sha256:b8b4e36fb88254e7575bd3aff60721fbf44a13af33eff949b6bc011facfcec62
|
||||
generated: "2026-01-08T23:02:24.62763032Z"
|
||||
|
||||
@@ -17,11 +17,11 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: element-web
|
||||
version: 1.4.32
|
||||
version: 1.4.27
|
||||
repository: https://ananace.gitlab.io/charts
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.4.0
|
||||
version: 2.1.6
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
|
||||
# renovate: datasource=github-releases depName=element-hq/element-web
|
||||
appVersion: v1.12.12
|
||||
# renovate: github=element-hq/element-web
|
||||
appVersion: v1.12.6
|
||||
|
||||
@@ -2,7 +2,7 @@ element-web:
|
||||
replicaCount: 1
|
||||
image:
|
||||
repository: vectorim/element-web
|
||||
tag: v1.12.12
|
||||
tag: v1.12.8
|
||||
pullPolicy: IfNotPresent
|
||||
defaultServer:
|
||||
url: https://matrix.alexlebens.dev
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:e95959fff72e8ae74623fb27294d6704ce4b68c795109b493f3245790ef86058
|
||||
generated: "2026-03-06T01:19:39.391848002Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:c270dc80232d53598370e68d969ddcb71f26eb6910b7bb51761b88127e065f5a
|
||||
generated: "2026-01-16T18:46:10.06351851Z"
|
||||
28
clusters/cl01tl/helm/ephemera/Chart.yaml
Normal file
28
clusters/cl01tl/helm/ephemera/Chart.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: v2
|
||||
name: ephemera
|
||||
version: 1.0.0
|
||||
description: ephemera
|
||||
keywords:
|
||||
- ephemera
|
||||
- books
|
||||
home: https://wiki.alexlebens.dev/
|
||||
sources:
|
||||
- https://github.com/OrwellianEpilogue/ephemera
|
||||
- https://github.com/FlareSolverr/FlareSolverr
|
||||
- https://github.com/orwellianepilogue/ephemera/pkgs/container/ephemera
|
||||
- https://github.com/flaresolverr/FlareSolverr/pkgs/container/flaresolverr
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: app-template
|
||||
alias: ephemera
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
|
||||
# renovate: github=OrwellianEpilogue/ephemera
|
||||
appVersion: 1.3.1
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-key-secret
|
||||
name: ephemera-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-key-secret
|
||||
app.kubernetes.io/name: ephemera-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -16,7 +16,7 @@ spec:
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/dawarich/key
|
||||
key: /cl01tl/ephemera/config
|
||||
metadataPolicy: None
|
||||
property: key
|
||||
|
||||
@@ -24,10 +24,10 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-oidc-secret
|
||||
name: ephemera-apprise-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-oidc-secret
|
||||
app.kubernetes.io/name: ephemera-apprise-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
@@ -35,17 +35,10 @@ spec:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: client
|
||||
- secretKey: ntfy-url
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/dawarich
|
||||
key: /cl01tl/ephemera/config
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/dawarich
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
property: ntfy-url
|
||||
@@ -0,0 +1,17 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: ephemera-import-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ephemera-import-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: ephemera-import-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
@@ -0,0 +1,23 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: ephemera-import-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: ephemera-import-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
capacity:
|
||||
storage: 1Gi
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
path: /volume2/Storage/Books Import
|
||||
server: synologybond.alexlebens.net
|
||||
mountOptions:
|
||||
- vers=4
|
||||
- minorversion=1
|
||||
- noac
|
||||
143
clusters/cl01tl/helm/ephemera/values.yaml
Normal file
143
clusters/cl01tl/helm/ephemera/values.yaml
Normal file
@@ -0,0 +1,143 @@
|
||||
ephemera:
|
||||
controllers:
|
||||
main:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
revisionHistoryLimit: 3
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/orwellianepilogue/ephemera
|
||||
tag: 2.0.0
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: ALLOWED_ORIGINS
|
||||
value: https://ephemera.alexlebens.net
|
||||
- name: BASE_URL
|
||||
value: https://ephemera.alexlebens.net
|
||||
- name: AA_BASE_URL
|
||||
value: https://annas-archive.org
|
||||
# - name: AA_API_KEY
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: ephemera-key-secret
|
||||
# key: key
|
||||
- name: FLARESOLVERR_URL
|
||||
value: http://127.0.0.1:8191
|
||||
- name: LG_BASE_URL
|
||||
value: https://gen.com
|
||||
- name: PUID
|
||||
value: 0
|
||||
- name: PGID
|
||||
value: 0
|
||||
resources:
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 128Mi
|
||||
flaresolverr:
|
||||
image:
|
||||
repository: ghcr.io/flaresolverr/flaresolverr
|
||||
tag: v3.4.6
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: LOG_LEVEL
|
||||
value: info
|
||||
- name: LOG_HTML
|
||||
value: false
|
||||
- name: CAPTCHA_SOLVER
|
||||
value: none
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
apprise-api:
|
||||
image:
|
||||
repository: caronc/apprise
|
||||
tag: 1.3.0
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
value: US/Central
|
||||
- name: APPRISE_STORAGE_MODE
|
||||
value: memory
|
||||
- name: APPRISE_STATEFUL_MODE
|
||||
value: disabled
|
||||
- name: APPRISE_WORKER_COUNT
|
||||
value: 1
|
||||
- name: APPRISE_STATELESS_URLS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: ephemera-apprise-config
|
||||
key: ntfy-url
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
ports:
|
||||
http:
|
||||
port: 80
|
||||
targetPort: 8286
|
||||
protocol: HTTP
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- ephemera.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: ephemera
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
config:
|
||||
forceRename: ephemera
|
||||
storageClass: ceph-block
|
||||
accessMode: ReadWriteOnce
|
||||
size: 5Gi
|
||||
retain: true
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /app/data
|
||||
readOnly: false
|
||||
cache:
|
||||
type: emptyDir
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /app/downloads
|
||||
readOnly: false
|
||||
ingest:
|
||||
existingClaim: ephemera-import-nfs-storage
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /app/ingest
|
||||
readOnly: false
|
||||
volsync-target-config:
|
||||
pvcTarget: ephemera
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 16 8 * * *
|
||||
remote:
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 16 9 * * *
|
||||
@@ -17,5 +17,5 @@ dependencies:
|
||||
version: 1.4.1
|
||||
repository: https://eraser-dev.github.io/eraser/charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
# renovate: datasource=github-releases depName=eraser-dev/eraser
|
||||
# renovate: github=eraser-dev/eraser
|
||||
appVersion: v1.4.1
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
digest: sha256:e05d84dd266b8b456a8bc7f9a2bb3ab01f4ac926efd1a58cf405b0cdab343d3f
|
||||
generated: "2026-01-17T18:27:08.062835-06:00"
|
||||
@@ -1,21 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: excalidraw
|
||||
version: 1.0.0
|
||||
description: Excalidraw
|
||||
keywords:
|
||||
- excalidraw
|
||||
home: https://wiki.alexlebens.dev/
|
||||
sources:
|
||||
- https://github.com/excalidraw/excalidraw
|
||||
- https://hub.docker.com/r/excalidraw/excalidraw
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: app-template
|
||||
alias: excalidraw
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/excalidraw.png
|
||||
# renovate: datasource=github-releases depName=excalidraw/excalidraw
|
||||
appVersion: v0.18.0
|
||||
@@ -19,5 +19,5 @@ dependencies:
|
||||
version: 1.20.0
|
||||
repository: https://kubernetes-sigs.github.io/external-dns/
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
# renovate: datasource=github-releases depName=kubernetes-sigs/external-dns
|
||||
# renovate: github=kubernetes-sigs/external-dns
|
||||
appVersion: v0.20.0
|
||||
|
||||
@@ -19,7 +19,7 @@ external-dns-unifi:
|
||||
webhook:
|
||||
image:
|
||||
repository: ghcr.io/kashalls/external-dns-unifi-webhook
|
||||
tag: v0.8.2
|
||||
tag: v0.8.1
|
||||
env:
|
||||
- name: UNIFI_HOST
|
||||
value: https://192.168.1.1
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: external-secrets
|
||||
repository: https://charts.external-secrets.io
|
||||
version: 2.1.0
|
||||
digest: sha256:b19563d51f1922403185979c6c442531a7bb13d302e8438b5a18d450259b7245
|
||||
generated: "2026-03-07T18:02:23.908145348Z"
|
||||
version: 1.2.1
|
||||
digest: sha256:20d4fe97e96c6bd5ba958b23121d807d8154c39d58b01511b80025166713a141
|
||||
generated: "2026-01-03T23:02:15.181743082Z"
|
||||
|
||||
@@ -12,8 +12,8 @@ sources:
|
||||
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
|
||||
dependencies:
|
||||
- name: external-secrets
|
||||
version: 2.1.0
|
||||
version: 1.2.1
|
||||
repository: https://charts.external-secrets.io
|
||||
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
|
||||
# renovate: datasource=github-releases depName=external-secrets/external-secrets
|
||||
appVersion: v2.1.0
|
||||
# renovate: github=external-secrets/external-secrets
|
||||
appVersion: v1.1.1
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.4.0
|
||||
version: 2.1.6
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.9.1
|
||||
version: 7.4.5
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:a3703e245881145524304af8a03c89d309c602479be3f7f8953c2fba120bf341
|
||||
generated: "2026-03-11T22:56:41.856429843Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:fa0354899549c2bd40310f138126980825046d0d6d71acd7eb7ad121d94f8ccf
|
||||
generated: "2026-01-16T18:46:20.598104939Z"
|
||||
|
||||
@@ -23,15 +23,15 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.4.0
|
||||
version: 2.1.6
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.9.1
|
||||
version: 7.4.5
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
|
||||
# renovate: datasource=github-releases depName=FreshRSS/FreshRSS
|
||||
appVersion: 1.28.1
|
||||
# renovate: github=FreshRSS/FreshRSS
|
||||
appVersion: 1.27.1
|
||||
|
||||
@@ -11,7 +11,7 @@ freshrss:
|
||||
runAsUser: 0
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.3
|
||||
tag: 3.23.2
|
||||
pullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -35,7 +35,7 @@ freshrss:
|
||||
runAsUser: 0
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.3
|
||||
tag: 3.23.2
|
||||
pullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -59,7 +59,7 @@ freshrss:
|
||||
runAsUser: 0
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.3
|
||||
tag: 3.23.2
|
||||
pullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -80,7 +80,7 @@ freshrss:
|
||||
main:
|
||||
image:
|
||||
repository: freshrss/freshrss
|
||||
tag: 1.28.1
|
||||
tag: 1.28.0
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: PGID
|
||||
@@ -88,7 +88,7 @@ freshrss:
|
||||
- name: PUID
|
||||
value: "568"
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
value: US/Central
|
||||
- name: FRESHRSS_ENV
|
||||
value: production
|
||||
- name: CRON_MIN
|
||||
@@ -197,11 +197,11 @@ postgres-18-cluster:
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
index: 2
|
||||
index: 1
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
index: 2
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
isWALArchiver: true
|
||||
@@ -222,7 +222,7 @@ postgres-18-cluster:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 20 14 * * *"
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
@@ -250,8 +250,7 @@ volsync-target-data:
|
||||
enabled: true
|
||||
schedule: 18 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 18 9 * * *
|
||||
enabled: false
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 18 10 * * *
|
||||
schedule: 18 9 * * *
|
||||
|
||||
@@ -19,5 +19,5 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
# renovate: datasource=github-releases depName=deuxfleurs-org/garage
|
||||
# renovate: github=deuxfleurs-org/garage
|
||||
appVersion: v2.1.0
|
||||
|
||||
@@ -1,32 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: garage-main
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-main
|
||||
app.kubernetes.io/service: garage-main
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
ports:
|
||||
- name: admin
|
||||
port: 3903
|
||||
protocol: TCP
|
||||
targetPort: 3903
|
||||
- name: rpc
|
||||
port: 3901
|
||||
protocol: TCP
|
||||
targetPort: 3901
|
||||
- name: s3
|
||||
port: 3900
|
||||
protocol: TCP
|
||||
targetPort: 3900
|
||||
- name: web
|
||||
port: 3902
|
||||
protocol: TCP
|
||||
targetPort: 3902
|
||||
selector:
|
||||
app.kubernetes.io/instance: garage
|
||||
app.kubernetes.io/name: garage
|
||||
garage-type: server
|
||||
@@ -22,7 +22,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.2.0
|
||||
tag: v2.1.0
|
||||
pullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- secretRef:
|
||||
@@ -34,7 +34,7 @@ garage:
|
||||
debug:
|
||||
image:
|
||||
repository: ubuntu
|
||||
tag: resolute-20260108
|
||||
tag: resolute-20251208
|
||||
pullPolicy: IfNotPresent
|
||||
command:
|
||||
- "sleep"
|
||||
@@ -65,7 +65,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.2.0
|
||||
tag: v2.1.0
|
||||
pullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- secretRef:
|
||||
@@ -96,7 +96,7 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.2.0
|
||||
tag: v2.1.0
|
||||
pullPolicy: IfNotPresent
|
||||
envFrom:
|
||||
- secretRef:
|
||||
@@ -225,6 +225,26 @@ garage:
|
||||
api_bind_addr = "[::]:3903"
|
||||
metrics_require_token = true
|
||||
service:
|
||||
garage-main:
|
||||
forceRename: garage-main
|
||||
controller: server-2
|
||||
ports:
|
||||
s3:
|
||||
port: 3900
|
||||
targetPort: 3900
|
||||
protocol: HTTP
|
||||
rpc:
|
||||
port: 3901
|
||||
targetPort: 3901
|
||||
protocol: HTTP
|
||||
web:
|
||||
port: 3902
|
||||
targetPort: 3902
|
||||
protocol : HTTP
|
||||
admin:
|
||||
port: 3903
|
||||
targetPort: 3903
|
||||
protocol: HTTP
|
||||
server-1:
|
||||
forceRename: garage-1
|
||||
controller: server-1
|
||||
@@ -298,12 +318,11 @@ garage:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: garage
|
||||
app.kubernetes.io/instance: garage
|
||||
app.kubernetes.io/service: garage-1
|
||||
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
|
||||
endpoints:
|
||||
- port: admin
|
||||
interval: 5m
|
||||
scrapeTimeout: 2m
|
||||
interval: 1m
|
||||
scrapeTimeout: 30s
|
||||
path: /metrics
|
||||
bearerTokenSecret:
|
||||
name: garage-token-secret
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
dependencies:
|
||||
- name: gatus
|
||||
repository: https://twin.github.io/helm-charts
|
||||
version: 1.5.0
|
||||
version: 1.4.4
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.9.1
|
||||
version: 7.4.5
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:2fe7c088e99a11e0c6dd09fe48bb1e292eb58e22d9f8ff681bb6c6790945d54e
|
||||
generated: "2026-03-11T22:56:56.957400817Z"
|
||||
version: 0.7.0
|
||||
digest: sha256:ee32795b47519463ec6d1219bf4ec16784b1c42d98ae8a330e9650200d11c033
|
||||
generated: "2025-12-27T19:45:37.106953505Z"
|
||||
|
||||
@@ -19,15 +19,15 @@ maintainers:
|
||||
dependencies:
|
||||
- name: gatus
|
||||
repository: https://twin.github.io/helm-charts
|
||||
version: 1.5.0
|
||||
version: 1.4.4
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.9.1
|
||||
version: 7.4.5
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.8.0
|
||||
version: 0.7.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
|
||||
# renovate: datasource=github-releases depName=TwiN/gatus
|
||||
appVersion: v5.35.0
|
||||
# renovate: github=TwiN/gatus
|
||||
appVersion: v5.33.0
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user