alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 1 Actions Activity

Compare commits

base: alexlebens:main
Branches Tags
alexlebens:main alexlebens:renovate/cilium-1.x alexlebens:manifests
..
compare: alexlebens:86d95d7a7ad5c1bc5e0d01394a2896a43278db91
Branches Tags
alexlebens:renovate/cilium-1.x alexlebens:main alexlebens:manifests

1 Commits
main ... 86d95d7a7a

Author SHA1 Message Date
Renovate Bot
86d95d7a7a chore(deps): update dependency rancher/local-path-provisioner to v0.0.35
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
Details
lint-test-helm / lint-helm (pull_request) Successful in 17s
Details
2026-03-10 19:02:28 +00:00
175 changed files with 1129 additions and 3132 deletions
Expand all files Collapse all files

79
.gitea/workflows/lint-test-docker.yaml
View File

@@ -14,7 +14,7 @@ on:
- 'hosts/**' - 'hosts/**'
env: env:
BASE_BRANCH: "origin/${{ github.base_ref }}" BASE_BRANCH: "origin/${{ gitea.base_ref }}"
jobs: jobs:
lint-docker-compose: lint-docker-compose:
@@ -36,20 +36,19 @@ jobs:
id: branch-exists id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request' if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: | run: |
if [ "${{ github.event_name }}" == "push" ]; then if [ ${{ github.event_name == 'push' }} ]; then
echo ">> Action is from a push event, will continue with linting" echo ">> Action is from a push event, will continue with linting"
else else
echo ">> Branch ${{ github.base_ref }} exists, will continue with linting" echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi fi
echo ""
echo "----" echo "----"
echo "exists=true" >> $GITHUB_OUTPUT echo "exists=true" >> $GITEA_OUTPUT
- name: Set Up Node.js - name: Set up Node.js
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: actions/setup-node@v6 uses: actions/setup-node@v6
with: with:
@@ -59,48 +58,58 @@ jobs:
id: check-dir-changes id: check-dir-changes
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
run: | run: |
CHANGED_COMPOSE=()
echo ">> Target branch for diff is: ${BASE_BRANCH}" echo ">> Target branch for diff is: ${BASE_BRANCH}"
if [ "${{ github.event_name }}" == "pull_request" ]; then if [ "${{ github.event_name }}" == "pull_request" ]; then
DIFF_TARGET="${BASE_BRANCH}"
echo "" echo ""
echo ">> Checking for changes in a pull request ..." echo ">> Checking for changes in a pull request ..."
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
else else
DIFF_TARGET="${{ github.event.before }}..HEAD"
echo "" echo ""
echo ">> Checking for changes from a push ..." echo ">> Checking for changes from a push ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
fi fi
CHANGED_COMPOSE=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^hosts/[^/]+/[^/]+/" | cut -d/ -f1,2,3 | sort -u || true) if [ -n "${GIT_DIFF}" ]; then
echo ""
echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
if echo "$path" | grep -q -E "hosts/[^/]+/[^/]+"; then
echo ""
echo ">> Adding path: $path"
CHANGED_COMPOSE+=$(echo "$path")
CHANGED_COMPOSE+=$(echo " ")
fi
done
else
echo ""
echo ">> No changes detected"
fi
if [ -n "${CHANGED_COMPOSE}" ]; then if [ -n "${CHANGED_COMPOSE}" ]; then
echo "" echo ""
echo ">> Compose to Lint:" echo ">> Compose to Lint:"
echo "" echo "$(echo "${CHANGED_COMPOSE}" | sort -u)"
echo "${CHANGED_COMPOSE}"
CHANGED_COMPOSE_CSV=$(echo "$CHANGED_COMPOSE" | paste -sd ',' -)
echo ""
echo "----" echo "----"
echo "changes-detected=true" >> $GITHUB_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
echo "compose-dir-csv=${CHANGED_COMPOSE_CSV}" >> $GITHUB_OUTPUT echo "compose-dir<<EOF" >> $GITEA_OUTPUT
echo "compose-dir<<EOF" >> $GITHUB_OUTPUT echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" >> $GITEA_OUTPUT
echo "${CHANGED_COMPOSE}" >> $GITHUB_OUTPUT echo "EOF" >> $GITEA_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
else else
echo "" echo ""
echo ">> Did not find any docker compose files to lint" echo ">> Did not find any docker compose files to lint"
echo ""
echo "----" echo "----"
echo "changes-detected=false" >> $GITHUB_OUTPUT echo "changes-detected=false" >> $GITEA_OUTPUT
fi fi
- name: Lint Docker Compose - name: Lint Docker Compose
@@ -108,27 +117,25 @@ jobs:
env: env:
CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }} CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
run: | run: |
echo ">> Running dclint on changed compose files ..." echo ">> Running dclint on changed compose files:"
echo "$CHANGED_COMPOSE"
for COMPOSE in $CHANGED_COMPOSE; do
echo ">> Linting ${COMPOSE} ..."
npx dclint ${COMPOSE}
for compose in $CHANGED_COMPOSE; do
echo ">> Linting $compose ..."
npx dclint $compose
done done
echo ""
echo "----"
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}' topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Docker Compose Test Failure' title: 'Test Failure - Infrastructure'
priority: 3 priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed tags: action,failed
details: "Docker linting for compose dirs: ${{ steps.check-dir-changes.outputs.compose-dir-csv }}" details: 'Docker linting on Pull Request for Infrastructure has failed!'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Logs", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-pull.yaml", "clear": true}]'
image: true

303
.gitea/workflows/lint-test-helm.yaml
View File

@@ -15,17 +15,11 @@ on:
env: env:
CLUSTER: cl01tl CLUSTER: cl01tl
BASE_BRANCH: "origin/${{ github.base_ref }}" BASE_BRANCH: "origin/${{ gitea.base_ref }}"
# renovate: datasource=github-releases depName=yannh/kubeconform
KUBECONFORM_VERSION: "v0.6.7"
jobs: jobs:
lint-helm: lint-helm:
runs-on: ubuntu-js runs-on: ubuntu-js
outputs:
chart-dir: ${{ steps.check-dir-changes.outputs.chart-dir }}
chart-dir-csv: ${{ steps.check-dir-changes.outputs.chart-dir-csv }}
changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v6 uses: actions/checkout@v6
@@ -37,91 +31,88 @@ jobs:
if: github.event_name == 'pull_request' if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@v1.1 uses: GuillaumeFalourd/branch-exists@v1.1
with: with:
branch: ${{ github.base_ref }} branch: ${{ gitea.base_ref }}
- name: Report Branch Exists - name: Report Branch Exists
id: branch-exists id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request' if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: | run: |
if [ "${{ github.event_name }}" == "push" ]; then if [ ${{ github.event_name == 'push' }} ]; then
echo ">> Action is from a push event, will continue with linting" echo ">> Action is from a push event, will continue with linting"
else else
echo ">> Branch ${{ github.base_ref }} exists, will continue with linting" echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi fi
echo ""
echo "----" echo "----"
echo "exists=true" >> $GITHUB_OUTPUT echo "exists=true" >> $GITEA_OUTPUT
- name: Set Up Helm - name: Set up Helm
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@v4 uses: azure/setup-helm@v4
with: with:
token: ${{ secrets.GITEA_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm version: v3.19.2
version: v4.1.3
cache: true cache: true
- name: Cache Helm Dependencies
if: steps.branch-exists.outputs.exists == 'true'
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Check Directories for Changes - name: Check Directories for Changes
id: check-dir-changes id: check-dir-changes
if: steps.branch-exists.outputs.exists == 'true' if: steps.branch-exists.outputs.exists == 'true'
run: | run: |
CHANGED_CHARTS=()
echo ">> Target branch for diff is: ${BASE_BRANCH}" echo ">> Target branch for diff is: ${BASE_BRANCH}"
if [ "${{ github.event_name }}" == "pull_request" ]; then if [ "${{ github.event_name }}" == "pull_request" ]; then
DIFF_TARGET="${BASE_BRANCH}"
echo "" echo ""
echo ">> Checking for changes in a pull request ..." echo ">> Checking for changes in a pull request ..."
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
else else
DIFF_TARGET="${{ github.event.before }}..HEAD"
echo "" echo ""
echo ">> Checking for changes from a push ..." echo ">> Checking for changes from a push ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
fi fi
CHANGED_CHARTS=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true) if [ -n "${GIT_DIFF}" ]; then
echo ""
echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
if echo "$path" | grep -q -E "clusters/[^/]+/helm/[^/]+"; then
echo ""
echo ">> Adding path: $path"
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
CHANGED_CHARTS+=$(echo "\n")
fi
done
else
echo ""
echo ">> No changes detected"
fi
if [ -n "${CHANGED_CHARTS}" ]; then if [ -n "${CHANGED_CHARTS}" ]; then
echo "" echo ""
echo ">> Chart to Lint:" echo ">> Chart to Lint:"
echo "" echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
echo "${CHANGED_CHARTS}"
CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
echo ""
echo "----" echo "----"
echo "changes-detected=true" >> $GITHUB_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
echo "chart-dir-csv=${CHANGED_CHARTS_CSV}" >> $GITHUB_OUTPUT echo "chart-dir<<EOF" >> $GITEA_OUTPUT
echo "chart-dir<<EOF" >> $GITHUB_OUTPUT echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
echo "${CHANGED_CHARTS}" >> $GITHUB_OUTPUT echo "EOF" >> $GITEA_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
else else
echo "" echo ""
echo ">> Did not find any helm charts files to lint" echo ">> Did not find any helm charts files to lint"
echo ""
echo "----" echo "----"
echo "changes-detected=false" >> $GITHUB_OUTPUT echo "changes-detected=false" >> $GITEA_OUTPUT
fi fi
- name: Add Repositories - name: Add Repositories
@@ -130,238 +121,68 @@ jobs:
CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }} CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
run: | run: |
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
echo "" for dir in ${CHANGED_CHARTS}; do
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/$dir 2> /dev/null \
for DIR in ${CHANGED_CHARTS}; do | tail +2 | head -n -1 \
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \ | awk '{ print "helm repo add " $1 " " $3 }' \
| tail -n +2 \ | while read cmd; do
| awk 'NF > 0 { print $1, $3 }' \ if [[ "$cmd" == "*oci://*" ]]; then
| while read -r REPO_NAME REPO_URL; do echo ">> Ignoring OCI repo"
if [[ "${REPO_URL}" == oci://* ]]; then else
echo ">> Ignoring OCI repo: ${REPO_URL}" echo ">> Command: $cmd"
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo "" echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo ""
echo "----" echo "----"
- name: Lint Helm Chart - name: Lint Helm Chart
id: lint
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
env: env:
CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }} CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
run: | run: |
EXIT_CODE=0
FAILED_CHARTS=""
echo ">> Running linting on changed charts ..." echo ">> Running linting on changed charts ..."
for DIR in ${CHANGED_CHARTS}; do for dir in ${CHANGED_CHARTS}; do
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}" chart_path=clusters/${CLUSTER}/helm/$dir
CHART_NAME=$(basename "${CHART_PATH}") chart_name=$(basename "$chart_path")
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
echo "" cd $chart_path
echo ">> Building helm dependency for ${CHART_NAME} ..."
helm dependency build "${CHART_PATH}" --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ${CHART_NAME} ..." echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
if ! helm lint "${CHART_PATH}" --namespace "default"; then echo ""
EXIT_CODE=1 echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
if [ -z "${FAILED_CHARTS}" ]; then
FAILED_CHARTS="${DIR}"
else
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
fi
fi
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo ""
fi fi
done done
echo ""
echo "----"
echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
exit $EXIT_CODE
- name: ntfy Failed - name: ntfy Failed
uses: niniyas/ntfy-action@master uses: niniyas/ntfy-action@master
if: failure() if: failure()
with: with:
url: '${{ secrets.NTFY_URL }}' url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}' topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Helm Test Failure' title: 'Test Failure - Infrastructure'
priority: 3 priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}' headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed tags: action,failed
details: "Helm linting for cluster '${CLUSTER}' failed on charts: ${{ steps.lint.outputs.failed-charts }}" details: 'Helm linting on Pull Request for Infrastructure has failed!'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-pull.yaml", "clear": true}]'
image: true
validate-kubeconform:
needs: lint-helm
runs-on: ubuntu-js
if: |
needs.lint-helm.result == 'success' &&
needs.lint-helm.outputs.changes-detected == 'true' &&
github.event_name == 'pull_request'
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Install Kubeconform
run: |
echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..."
wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz
echo ""
echo ">> Extracting Kubeconform ..."
tar xf kubeconform-linux-amd64.tar.gz
echo ""
echo ">> Installing Kubeconform ..."
sudo mv kubeconform /usr/local/bin/
echo ""
echo ">> Verifying installation ..."
kubeconform -v
echo ""
echo "----"
- name: Set Up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm
version: v4.1.3
cache: true
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Add Repositories
env:
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: |
echo ">> Adding repositories for chart dependencies ..."
echo ""
for DIR in ${CHANGED_CHARTS}; do
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo ""
echo "----"
- name: Validate Rendered Templates
id: validate
env:
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: |
SCHEMA_LOCATIONS="-schema-location default -schema-location https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
EXIT_CODE=0
FAILED_CHARTS=""
for DIR in ${CHANGED_CHARTS}; do
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
echo ""
echo ">> Validating: ${DIR}"
helm dependency build "${CHART_PATH}" --skip-refresh
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute" | \
kubeconform \
${SCHEMA_LOCATIONS} \
-ignore-missing-schemas \
-strict \
-summary; then
EXIT_CODE=1
if [ -z "${FAILED_CHARTS}" ]; then
FAILED_CHARTS="${DIR}"
else
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
fi
fi
done
echo ""
echo "----"
echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
exit $EXIT_CODE
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Kubeconform Test Failure'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Kubeconform for cluster '${CLUSTER}' failed on charts: ${{ steps.validate.outputs.failed-charts }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true image: true

195
.gitea/workflows/render-manifests-automerge.yaml
View File

@@ -1,14 +1,13 @@
name: render-manifests-automerge name: render-manifests-automerge
on: on:
workflow_dispatch: pull_request:
# pull_request: branches:
# branches: - main
# - main paths:
# paths: - 'clusters/cl01tl/helm/**'
# - 'clusters/cl01tl/helm/**' types:
# types: - closed
# - closed
env: env:
CLUSTER: cl01tl CLUSTER: cl01tl
@@ -47,16 +46,6 @@ jobs:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
id: prepare-manifest-branch id: prepare-manifest-branch
run: | run: |
@@ -64,12 +53,10 @@ jobs:
BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)" BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)"
echo ""
echo ">> Configure git to use gitea-bot as user ..." echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot" git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Creating branch ..." echo ">> Creating branch ..."
git checkout -b $BRANCH_NAME git checkout -b $BRANCH_NAME
@@ -80,31 +67,38 @@ jobs:
- name: Check which Directories have Changes - name: Check which Directories have Changes
id: check-dir-changes id: check-dir-changes
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
RENDER_DIR=()
echo ""
echo ">> Checking for changes from HEAD^..HEAD ..." echo ">> Checking for changes from HEAD^..HEAD ..."
GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
# Extract the chart names from the git diff if [ -n "${GIT_DIFF}" ]; then
RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true) echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:" echo ">> Directories to Render:"
echo "${RENDER_DIR}" echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT" echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> "$GITEA_OUTPUT" echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT" echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> "$GITEA_OUTPUT" echo "EOF" >> $GITEA_OUTPUT
else else
echo "" echo "changes-detected=false" >> $GITEA_OUTPUT
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi fi
- name: Add Repositories - name: Add Repositories
@@ -112,31 +106,25 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
echo ""
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \ helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail -n +2 \ | tail +2 | head -n -1 \
| awk 'NF > 0 { print $1, $3 }' \ | awk '{ print "helm repo add " $1 " " $3 }' \
| while read -r REPO_NAME REPO_URL; do | while read cmd; do
if [[ "${REPO_URL}" == oci://* ]]; then if [[ "$cmd" == "*oci://*" ]]; then
echo "" echo ">> Ignoring OCI repo"
echo ">> Ignoring OCI repo: ${REPO_URL}" else
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo "----" echo "----"
@@ -146,16 +134,15 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Remove manfiest files and rebuild from source ..." echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR} chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "${CHART_PATH}" echo "$chart_path"
rm -rf ${CHART_PATH}/* rm -rf $chart_path/*
done done
echo "----" echo "----"
@@ -168,57 +155,60 @@ jobs:
run: | run: |
cd ${MAIN_DIR} cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..." echo ">> Rendering Manifests ..."
render_chart() { for dir in ${RENDER_DIR}; do
local DIR="$1" chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" chart_name=$(basename "$chart_path")
local CHART_NAME=$(basename "${CHART_PATH}")
echo "" echo ""
echo ">> Rendering ..." echo ""
echo ">> Chart: ${CHART_NAME}" echo ">> Rendering chart: $chart_name"
echo ">> Path: ${CHART_PATH}" echo ">> Chart path $chart_path"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/" OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p "${OUTPUT_FOLDER}" mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd "${CHART_PATH}"
cd $chart_path
echo "" echo ""
echo ">> Updating helm dependencies ..." echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh > /dev/null helm dependency update --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ..." echo ">> Building helm dependency ..."
helm lint --namespace "${CHART_NAME}" --quiet helm dependency build --skip-refresh
local NAMESPACE="${CHART_NAME}" echo ""
case "${CHART_NAME}" in echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack") "stack")
NAMESPACE="argocd"
echo "" echo ""
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
NAMESPACE="kube-system"
echo "" echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac esac
echo "" echo ""
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
@@ -226,23 +216,15 @@ jobs:
done done
echo "" echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:" echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER ls $OUTPUT_FOLDER
echo "" echo ""
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo "" echo ""
fi fi
} done
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----" echo "----"
@@ -250,18 +232,16 @@ jobs:
id: check-changes id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain) GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then if [ -n "$GIT_CHANGES" ]; then
echo ""
echo ">> Changes detected" echo ">> Changes detected"
git status --porcelain git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
else else
echo ""
echo ">> No changes detected, skipping PR creation" echo ">> No changes detected, skipping PR creation"
fi fi
@@ -274,22 +254,19 @@ jobs:
env: env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }} BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..." echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add . git add .
git commit -m "chore: Update manifests after automerge" git commit -m "chore: Update manifests after automerge"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}" REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo "" echo ">> Pushing changes to $REPO_URL ..."
echo ">> Pushing changes to ${REPO_URL} ..." git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----" echo "----"
echo "push=true" >> "$GITEA_OUTPUT" echo "push=true" >> $GITEA_OUTPUT
- name: Create Pull Request - name: Create Pull Request
id: create-pull-request id: create-pull-request

195
.gitea/workflows/render-manifests-dispatch.yaml
View File

@@ -1,11 +1,10 @@
name: render-manifests-dispatch name: render-manifests-dispatch
on: on:
workflow_dispatch: schedule:
# schedule: - cron: '0 3 * * *'
# - cron: '0 15 * * *'
# workflow_dispatch: workflow_dispatch:
env: env:
CLUSTER: cl01tl CLUSTER: cl01tl
@@ -44,39 +43,24 @@ jobs:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Configure git to use gitea-bot as user ..." echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot" git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Checking if PR branch exists ..." echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..." echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}" git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}" git checkout "${BRANCH_NAME}"
git pull --rebase git pull --rebase
else else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..." echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}" git checkout -b $BRANCH_NAME
fi fi
echo "----" echo "----"
@@ -84,29 +68,25 @@ jobs:
- name: Check which Directories have Changes - name: Check which Directories have Changes
id: check-dir-changes id: check-dir-changes
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
RENDER_DIR=()
echo ""
echo ">> Triggered on dispatch, will check all paths ..." echo ">> Triggered on dispatch, will check all paths ..."
RENDER_DIR+=$(ls clusters/cl01tl/helm/)
# Extract names of charts
RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
if [ -n "${RENDER_DIR}" ]; then if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:" echo ">> Directories to Render:"
echo "${RENDER_DIR}" echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT" echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> "$GITEA_OUTPUT" echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT" echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> "$GITEA_OUTPUT" echo "EOF" >> $GITEA_OUTPUT
else else
echo ">> No directories found" echo "changes-detected=false" >> $GITEA_OUTPUT
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi fi
- name: Add Repositories - name: Add Repositories
@@ -114,54 +94,29 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
echo ""
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \ helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail -n +2 \ | tail +2 | head -n -1 \
| awk 'NF > 0 { print $1, $3 }' \ | awk '{ print "helm repo add " $1 " " $3 }' \
| while read -r REPO_NAME REPO_URL; do | while read cmd; do
if [[ "${REPO_URL}" == oci://* ]]; then if [[ "$cmd" == "*oci://*" ]]; then
echo "" echo ">> Ignoring OCI repo"
echo ">> Ignoring OCI repo: ${REPO_URL}" else
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo "----" echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MANIFEST_DIR}"
echo ""
echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}
echo "${CHART_PATH}"
rm -rf ${CHART_PATH}/*
done
echo "----"
- name: Render Helm Manifests - name: Render Helm Manifests
id: render-manifests id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
@@ -170,57 +125,60 @@ jobs:
run: | run: |
cd ${MAIN_DIR} cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..." echo ">> Rendering Manifests ..."
render_chart() { for dir in ${RENDER_DIR}; do
local DIR="$1" chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" chart_name=$(basename "$chart_path")
local CHART_NAME=$(basename "${CHART_PATH}")
echo "" echo ""
echo ">> Rendering ..." echo ""
echo ">> Chart: ${CHART_NAME}" echo ">> Rendering chart: $chart_name"
echo ">> Path: ${CHART_PATH}" echo ">> Chart path $chart_path"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/" OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p "${OUTPUT_FOLDER}" mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd "${CHART_PATH}"
cd $chart_path
echo "" echo ""
echo ">> Updating helm dependencies ..." echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh > /dev/null helm dependency update --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ..." echo ">> Building helm dependency ..."
helm lint --namespace "${CHART_NAME}" --quiet helm dependency build --skip-refresh
local NAMESPACE="${CHART_NAME}" echo ""
case "${CHART_NAME}" in echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack") "stack")
NAMESPACE="argocd"
echo "" echo ""
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
NAMESPACE="kube-system"
echo "" echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac esac
echo "" echo ""
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
@@ -228,23 +186,15 @@ jobs:
done done
echo "" echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:" echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER ls $OUTPUT_FOLDER
echo "" echo ""
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo "" echo ""
fi fi
} done
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----" echo "----"
@@ -252,18 +202,16 @@ jobs:
id: check-changes id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain) GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then if [ -n "$GIT_CHANGES" ]; then
echo ""
echo ">> Changes detected" echo ">> Changes detected"
git status --porcelain git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
else else
echo ""
echo ">> No changes detected, skipping PR creation" echo ">> No changes detected, skipping PR creation"
fi fi
@@ -274,23 +222,20 @@ jobs:
id: commit-push id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true' if: steps.check-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..." echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add . git add .
git commit -m "chore: Update manifests after change" git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}" REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo "" echo ">> Pushing changes to $REPO_URL ..."
echo ">> Pushing changes to ${REPO_URL} ..." git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----" echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT" echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> "$GITEA_OUTPUT" echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request - name: Check for Pull Request
id: check-for-pull-requst id: check-for-pull-requst

206
.gitea/workflows/render-manifests-merge.yaml
View File

@@ -1,14 +1,13 @@
name: render-manifests-merge name: render-manifests-merge
on: on:
workflow_dispatch: pull_request:
# pull_request: branches:
# branches: - main
# - main paths:
# paths: - 'clusters/cl01tl/helm/**'
# - 'clusters/cl01tl/helm/**' types:
# types: - closed
# - closed
env: env:
CLUSTER: cl01tl CLUSTER: cl01tl
@@ -48,39 +47,24 @@ jobs:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Configure git to use gitea-bot as user ..." echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot" git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
echo ""
echo ">> Checking if PR branch exists ..." echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..." echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}" git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}" git checkout "${BRANCH_NAME}"
git pull --rebase git pull --rebase
else else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..." echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}" git checkout -b $BRANCH_NAME
fi fi
echo "----" echo "----"
@@ -88,31 +72,38 @@ jobs:
- name: Check which Directories have Changes - name: Check which Directories have Changes
id: check-dir-changes id: check-dir-changes
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
RENDER_DIR=()
echo ""
echo ">> Checking for changes from HEAD^..HEAD ..." echo ">> Checking for changes from HEAD^..HEAD ..."
GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
# Extract the chart names from the git diff if [ -n "${GIT_DIFF}" ]; then
RENDER_DIR=$(git diff --name-only HEAD^..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true) echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:" echo ">> Directories to Render:"
echo "${RENDER_DIR}" echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT" echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> "$GITEA_OUTPUT" echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT" echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> "$GITEA_OUTPUT" echo "EOF" >> $GITEA_OUTPUT
else else
echo "" echo "changes-detected=false" >> $GITEA_OUTPUT
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi fi
- name: Add Repositories - name: Add Repositories
@@ -120,31 +111,25 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
echo ""
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \ helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail -n +2 \ | tail +2 | head -n -1 \
| awk 'NF > 0 { print $1, $3 }' \ | awk '{ print "helm repo add " $1 " " $3 }' \
| while read -r REPO_NAME REPO_URL; do | while read cmd; do
if [[ "${REPO_URL}" == oci://* ]]; then if [[ "$cmd" == "*oci://*" ]]; then
echo "" echo ">> Ignoring OCI repo"
echo ">> Ignoring OCI repo: ${REPO_URL}" else
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo "----" echo "----"
@@ -154,16 +139,15 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Remove manfiest files and rebuild from source ..." echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR} chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "${CHART_PATH}" echo "$chart_path"
rm -rf ${CHART_PATH}/* rm -rf $chart_path/*
done done
echo "----" echo "----"
@@ -176,57 +160,60 @@ jobs:
run: | run: |
cd ${MAIN_DIR} cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..." echo ">> Rendering Manifests ..."
render_chart() { for dir in ${RENDER_DIR}; do
local DIR="$1" chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" chart_name=$(basename "$chart_path")
local CHART_NAME=$(basename "${CHART_PATH}")
echo "" echo ""
echo ">> Rendering ..." echo ""
echo ">> Chart: ${CHART_NAME}" echo ">> Rendering chart: $chart_name"
echo ">> Path: ${CHART_PATH}" echo ">> Chart path $chart_path"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/" OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p "${OUTPUT_FOLDER}" mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd "${CHART_PATH}"
cd $chart_path
echo "" echo ""
echo ">> Updating helm dependencies ..." echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh > /dev/null helm dependency update --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ..." echo ">> Building helm dependency ..."
helm lint --namespace "${CHART_NAME}" --quiet helm dependency build --skip-refresh
local NAMESPACE="${CHART_NAME}" echo ""
case "${CHART_NAME}" in echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack") "stack")
NAMESPACE="argocd"
echo "" echo ""
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
NAMESPACE="kube-system"
echo "" echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac esac
echo "" echo ""
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
@@ -234,23 +221,15 @@ jobs:
done done
echo "" echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:" echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER ls $OUTPUT_FOLDER
echo "" echo ""
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo "" echo ""
fi fi
} done
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----" echo "----"
@@ -258,18 +237,16 @@ jobs:
id: check-changes id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain) GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then if [ -n "$GIT_CHANGES" ]; then
echo ""
echo ">> Changes detected" echo ">> Changes detected"
git status --porcelain git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
else else
echo ""
echo ">> No changes detected, skipping PR creation" echo ">> No changes detected, skipping PR creation"
fi fi
@@ -280,23 +257,20 @@ jobs:
id: commit-push id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true' if: steps.check-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..." echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add . git add .
git commit -m "chore: Update manifests after change" git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}" REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo "" echo ">> Pushing changes to $REPO_URL ..."
echo ">> Pushing changes to ${REPO_URL} ..." git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----" echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT" echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> "$GITEA_OUTPUT" echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request - name: Check for Pull Request
id: check-for-pull-requst id: check-for-pull-requst

202
.gitea/workflows/render-manifests-push.yaml
View File

@@ -1,12 +1,11 @@
name: render-manifests-push name: render-manifests-push
on: on:
workflow_dispatch: push:
# push: branches:
# branches: - main
# - main paths:
# paths: - 'clusters/cl01tl/helm/**'
# - 'clusters/cl01tl/helm/**'
env: env:
CLUSTER: cl01tl CLUSTER: cl01tl
@@ -46,38 +45,24 @@ jobs:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Prepare Manifest Branch - name: Prepare Manifest Branch
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Configure git to use gitea-bot as user ..." echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot" git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net" git config user.email "gitea-bot@alexlebens.net"
echo ">> Checking if PR branch exists ..." echo ">> Checking if PR branch exists ..."
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..." echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}" git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}" git checkout "${BRANCH_NAME}"
git pull --rebase git pull --rebase
else else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..." echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}" git checkout -b $BRANCH_NAME
fi fi
echo "----" echo "----"
@@ -85,31 +70,38 @@ jobs:
- name: Check which Directories have Changes - name: Check which Directories have Changes
id: check-dir-changes id: check-dir-changes
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
RENDER_DIR=()
echo ""
echo ">> Checking for changes ..." echo ">> Checking for changes ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
# Extract the chart names from the git diff if [ -n "${GIT_DIFF}" ]; then
RENDER_DIR=$(git diff --name-only ${{ gitea.event.before }}..HEAD | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true) echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:" echo ">> Directories to Render:"
echo "${RENDER_DIR}" echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----" echo "----"
echo "changes-detected=true" >> "$GITEA_OUTPUT" echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> "$GITEA_OUTPUT" echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "${RENDER_DIR}" >> "$GITEA_OUTPUT" echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> "$GITEA_OUTPUT" echo "EOF" >> $GITEA_OUTPUT
else else
echo "" echo "changes-detected=false" >> $GITEA_OUTPUT
echo ">> No chart changes detected"
echo "changes-detected=false" >> "$GITEA_OUTPUT"
fi fi
- name: Add Repositories - name: Add Repositories
@@ -117,31 +109,25 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MAIN_DIR}" cd ${MAIN_DIR}
echo ""
echo ">> Adding repositories for chart dependencies ..." echo ">> Adding repositories for chart dependencies ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \ helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail -n +2 \ | tail +2 | head -n -1 \
| awk 'NF > 0 { print $1, $3 }' \ | awk '{ print "helm repo add " $1 " " $3 }' \
| while read -r REPO_NAME REPO_URL; do | while read cmd; do
if [[ "${REPO_URL}" == oci://* ]]; then if [[ "$cmd" == "*oci://*" ]]; then
echo "" echo ">> Ignoring OCI repo"
echo ">> Ignoring OCI repo: ${REPO_URL}" else
echo "$cmd" | sh;
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi fi
done || true done || true
done done
if helm repo list > /dev/null 2>&1; then if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..." echo ">> Update repository cache ..."
helm repo update helm repo update
fi fi
echo "----" echo "----"
@@ -151,17 +137,15 @@ jobs:
env: env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }} RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Remove manfiest files and rebuild from source ..." echo ">> Remove manfiest files and rebuild from source ..."
for DIR in ${RENDER_DIR}; do for dir in ${RENDER_DIR}; do
CHART_PATH=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR} chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "" echo "$chart_path"
echo "${CHART_PATH}" rm -rf $chart_path/*
rm -rf ${CHART_PATH}/*
done done
echo "----" echo "----"
@@ -174,57 +158,60 @@ jobs:
run: | run: |
cd ${MAIN_DIR} cd ${MAIN_DIR}
echo ""
echo ">> Rendering Manifests ..." echo ">> Rendering Manifests ..."
render_chart() { for dir in ${RENDER_DIR}; do
local DIR="$1" chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" chart_name=$(basename "$chart_path")
local CHART_NAME=$(basename "${CHART_PATH}")
echo "" echo ""
echo ">> Rendering ..." echo ""
echo ">> Chart: ${CHART_NAME}" echo ">> Rendering chart: $chart_name"
echo ">> Path: ${CHART_PATH}" echo ">> Chart path $chart_path"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then if [ -f "$chart_path/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/" OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p "${OUTPUT_FOLDER}" mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd "${CHART_PATH}"
cd $chart_path
echo "" echo ""
echo ">> Updating helm dependencies ..." echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh > /dev/null helm dependency update --skip-refresh
echo "" echo ""
echo ">> Linting helm chart ..." echo ">> Building helm dependency ..."
helm lint --namespace "${CHART_NAME}" --quiet helm dependency build --skip-refresh
local NAMESPACE="${CHART_NAME}" echo ""
case "${CHART_NAME}" in echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack") "stack")
NAMESPACE="argocd"
echo "" echo ""
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds") "cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
NAMESPACE="kube-system"
echo "" echo ""
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;; ;;
*) *)
echo "" echo ""
echo ">> Standard Rendering for ${CHART_NAME} ..." echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac esac
echo "" echo ""
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness # Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do for file in "$OUTPUT_FOLDER"/*; do
@@ -232,23 +219,15 @@ jobs:
done done
echo "" echo ""
echo ">> Manifests for ${CHART_NAME} rendered to ${OUTPUT_FOLDER}:" echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER ls $OUTPUT_FOLDER
echo "" echo ""
else else
echo "" echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..." echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo "" echo ""
fi fi
} done
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -n 1 -P 4 -I {} bash -c 'render_chart "$@"' _ {}
echo "----" echo "----"
@@ -256,18 +235,16 @@ jobs:
id: check-changes id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true' if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain) GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then if [ -n "$GIT_CHANGES" ]; then
echo ""
echo ">> Changes detected" echo ">> Changes detected"
git status --porcelain git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT echo "changes-detected=true" >> $GITEA_OUTPUT
else else
echo ""
echo ">> No changes detected, skipping PR creation" echo ">> No changes detected, skipping PR creation"
fi fi
@@ -278,23 +255,20 @@ jobs:
id: commit-push id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true' if: steps.check-changes.outputs.changes-detected == 'true'
run: | run: |
cd "${MANIFEST_DIR}" cd ${MANIFEST_DIR}
echo ""
echo ">> Commiting changes to ${BRANCH_NAME} ..." echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add . git add .
git commit -m "chore: Update manifests after change" git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}" REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo "" echo ">> Pushing changes to $REPO_URL ..."
echo ">> Pushing changes to ${REPO_URL} ..." git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo "----" echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> "$GITEA_OUTPUT" echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> "$GITEA_OUTPUT" echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request - name: Check for Pull Request
id: check-for-pull-requst id: check-for-pull-requst

636
.gitea/workflows/render-manifests.yaml
View File

@@ -1,636 +0,0 @@
name: render-manifests
on:
schedule:
- cron: '0 15 * * *'
workflow_dispatch:
push:
branches:
- main
paths:
- 'clusters/cl01tl/helm/**'
pull_request:
branches:
- main
paths:
- 'clusters/cl01tl/helm/**'
types:
- closed
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME_BASE: auto/update-manifests
ASSIGNEE: alexlebens
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests:
runs-on: ubuntu-js
if: >-
github.event_name == 'schedule' ||
github.event_name == 'workflow_dispatch' ||
(github.event_name == 'push' && github.actor != 'renovate-bot') ||
(github.event_name == 'pull_request' && github.event.pull_request.merged == true)
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set Up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Determine Workflow Mode
id: mode
run: |
IS_AUTOMERGE="false"
RENDER_ALL="false"
DIFF_TARGET=""
if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then
echo ">> Mode: Dispatch/Schedule (Render All)"
RENDER_ALL="true"
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
if [[ "${{ contains(github.event.pull_request.labels.*.name, 'automerge') }}" == "true" ]]; then
echo ">> Mode: PR Merged (Automerge)"
IS_AUTOMERGE="true"
else
echo ">> Mode: PR Merged (Standard)"
fi
DIFF_TARGET="HEAD^..HEAD"
elif [[ "${{ github.event_name }}" == "push" ]]; then
echo ">> Mode: Push (Standard)"
DIFF_TARGET="${{ github.event.before }}..HEAD"
fi
echo ""
echo "----"
echo "is-automerge=${IS_AUTOMERGE}" >> "$GITHUB_OUTPUT"
echo "render-all=${RENDER_ALL}" >> "$GITHUB_OUTPUT"
echo "diff-target=${DIFF_TARGET}" >> "$GITHUB_OUTPUT"
- name: Prepare Manifest Branch
id: prepare-manifest-branch
env:
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
run: |
cd "${MANIFEST_DIR}"
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
if [[ "$IS_AUTOMERGE" == "true" ]]; then
echo ""
echo ">> Creating branch ${BRANCH_NAME} ..."
BRANCH_NAME="${BRANCH_NAME_BASE}-automerge-$(date +%Y%m%d%H%M%S)"
git checkout -b "$BRANCH_NAME"
else
echo ""
echo ">> Checking if PR branch exists ..."
BRANCH_NAME="${BRANCH_NAME_BASE}"
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}"
git pull --rebase
else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}"
fi
fi
echo ""
echo "----"
echo "branch-name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
- name: Check Which Directories Have Changes
id: check-dir-changes
env:
RENDER_ALL: ${{ steps.mode.outputs.render-all }}
DIFF_TARGET: ${{ steps.mode.outputs.diff-target }}
run: |
cd "${MAIN_DIR}"
if [[ "$RENDER_ALL" == "true" ]]; then
echo ">> Triggered on dispatch, will check all paths ..."
RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
else
echo ">> Checking for changes from ${DIFF_TARGET} ..."
RENDER_DIR=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
fi
if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:"
echo ""
echo "${RENDER_DIR}"
echo ""
echo "----"
echo "changes-detected=true" >> "$GITHUB_OUTPUT"
echo "render-dir<<EOF" >> "$GITHUB_OUTPUT"
echo "${RENDER_DIR}" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
else
echo ""
echo ">> No chart changes detected"
echo ""
echo "----"
echo "changes-detected=false" >> "$GITHUB_OUTPUT"
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MAIN_DIR}"
echo ">> Adding repositories for chart dependencies ..."
echo ""
for DIR in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo ""
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MANIFEST_DIR}"
echo ">> Remove manifest files and rebuild from source ..."
echo ""
for DIR in ${RENDER_DIR}; do
CHART_PATH="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}"
echo "${CHART_PATH}"
rm -rf "${CHART_PATH}"/*
done
echo ""
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MAIN_DIR}"
echo ">> Rendering Manifests ..."
render_chart() {
local DIR="$1"
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
local CHART_NAME=$(basename "${CHART_PATH}")
echo ""
echo ">> Rendering chart: ${CHART_NAME}"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
mkdir -p "${OUTPUT_FOLDER}"
cd "${CHART_PATH}"
helm dependency update --skip-refresh > /dev/null
helm lint --namespace "${CHART_NAME}" --quiet
local NAMESPACE="${CHART_NAME}"
case "${CHART_NAME}" in
"stack")
NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
*)
echo ">> Standard Rendering ..."
esac
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ">> Manifests for ${CHART_NAME} rendered successfully to $OUTPUT_FOLDER:"
echo ""
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
fi
}
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo ""
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then
echo ">> Changes detected"
git status --porcelain
CHANGED_CHARTS=$(echo "$GIT_CHANGES" | grep -oE "clusters/${CLUSTER}/manifests/[^/]+" | awk -F '/' '{print $4}' | sort -u | paste -sd ',' -)
echo ""
echo "----"
echo "changes-detected=true" >> "$GITHUB_OUTPUT"
echo "changed-charts-csv=${CHANGED_CHARTS}" >> "$GITHUB_OUTPUT"
else
echo ">> No changes detected, skipping PR creation"
echo ""
echo "----"
fi
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.branch-name }}
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
run: |
cd "${MANIFEST_DIR}"
MSG="chore: Update manifests after change"
if [[ "$IS_AUTOMERGE" == "true" ]]; then
MSG="chore: Update manifests after automerge"
fi
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "${MSG}"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ""
echo ">> Pushing changes to ${REPO_URL} ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo ""
echo "----"
echo "push=true" >> "$GITHUB_OUTPUT"
echo "head-branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
- name: Check for Pull Request
id: check-for-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.mode.outputs.is-automerge == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.head-branch }}
run: |
cd "${MANIFEST_DIR}"
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
HTTP_STATUS=$(curl -X GET -s -w '%{http_code}' -o response_body.json -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
echo ""
echo ">> Pull Request has been found open, will update"
echo ""
echo "----"
echo "pull-request-exists=$(cat response_body.json | jq -r .[0].number)" >> "$GITHUB_OUTPUT"
echo "pull-request-url=$(cat response_body.json | jq -r .[0].html_url)" >> "$GITHUB_OUTPUT"
else
echo ""
echo ">> Pull Request not found"
echo ""
echo "----"
echo "pull-request-exists=false" >> "$GITHUB_OUTPUT"
fi
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true' && (steps.mode.outputs.is-automerge == 'true' || steps.check-for-pull-request.outputs.pull-request-exists == 'false')
env:
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.head-branch }}
CHARTS: ${{ steps.check-changes.outputs.changed-charts-csv }}
EVENT_NAME: ${{ github.event_name }}
ACTOR: ${{ github.actor }}
SHA: ${{ github.sha }}
REF: ${{ github.ref_name }}
run: |
cd "${MANIFEST_DIR}"
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
BODY=$(printf "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.\n\n### Details\n- **Trigger**: \`%s\` by \`@%s\`\n- **Commit**: \`%s\` (on \`%s\`)\n- **Charts Updated**: \`%s\`" "${EVENT_NAME}" "${ACTOR}" "${SHA:0:7}" "${REF}" "${CHARTS}")
if [[ "$IS_AUTOMERGE" == "true" ]]; then
TITLE="Automated Manifest Update - Automerge"
BODY=$(printf "%s\n\n_This PR is expected to be automerged._" "${BODY}")
else
TITLE="Automated Manifest Update"
fi
PAYLOAD=$(jq -n --arg head "${HEAD_BRANCH}" --arg base "${BASE_BRANCH}" --arg assignee "${ASSIGNEE}" --arg title "${TITLE}" --arg body "${BODY}" '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}')
HTTP_STATUS=$(curl -X POST -s -w '%{http_code}' -o response_body.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
echo ""
echo "----"
echo "pull-request-url=$(jq -r .html_url response_body.json)" >> "$GITHUB_OUTPUT"
echo "pull-request-id=$(jq -r .id response_body.json)" >> "$GITHUB_OUTPUT"
echo "pull-request-number=$(jq -r .number response_body.json)" >> "$GITHUB_OUTPUT"
echo "pull-request-operation=created" >> "$GITHUB_OUTPUT"
elif [[ "$HTTP_STATUS" == "422" || "$HTTP_STATUS" == "409" ]]; then
echo ""
echo ">> Failed to create PR (Already exists)"
echo ""
echo "----"
else
echo ""
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
echo ""
echo "----"
exit 1
fi
- name: Update Pull Request
id: update-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
PR_NUMBER: ${{ steps.check-for-pull-request.outputs.pull-request-exists }}
CHARTS: ${{ steps.check-changes.outputs.changed-charts-csv }}
EVENT_NAME: ${{ github.event_name }}
ACTOR: ${{ github.actor }}
SHA: ${{ github.sha }}
REF: ${{ github.ref_name }}
run: |
cd "${MANIFEST_DIR}"
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}"
EXISTING_BODY=$(jq -r '.[0].body' response_body.json)
NEW_DETAILS=$(printf "### Update Details (%s)\n- **Trigger**: \`%s\` by \`@%s\`\n- **Commit**: \`%s\` (on \`%s\`)\n- **Charts Updated**: \`%s\`" "$(date -u +'%Y-%m-%d %H:%M UTC')" "${EVENT_NAME}" "${ACTOR}" "${SHA:0:7}" "${REF}" "${CHARTS}")
UPDATED_BODY=$(printf "%s\n\n%s" "${EXISTING_BODY}" "${NEW_DETAILS}")
PAYLOAD=$(jq -n --arg body "${UPDATED_BODY}" '{body: $body}')
HTTP_STATUS=$(curl -X PATCH -s -w '%{http_code}' -o update_response.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
if [ "$HTTP_STATUS" == "201" ] || [ "$HTTP_STATUS" == "200" ]; then
echo ">> Pull Request updated successfully!"
echo ""
echo "----"
echo "pull-request-operation=updated" >> "$GITHUB_OUTPUT"
else
echo ">> Failed to update PR, HTTP status code: $HTTP_STATUS"; exit 1
echo ""
echo "----"
fi
- name: Merge Changes
id: merge-changes
if: steps.commit-push.outputs.push == 'true' && steps.mode.outputs.is-automerge == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
run: |
cd "${MANIFEST_DIR}"
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}/merge"
PAYLOAD=$(jq -n --arg Do "merge" '{Do: $Do}')
HTTP_STATUS=$(curl -X POST -s -w '%{http_code}' -o response_body.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
if [ "$HTTP_STATUS" == "200" ]; then
echo ">> Pull Request merged successfully!"
echo ""
echo "----"
echo "pull-request-operation=merged" >> "$GITHUB_OUTPUT"
else
echo ">> Failed to merge PR, HTTP status code: $HTTP_STATUS"; exit 1
echo ""
echo "----"
fi
- name: Cleanup Branch
if: failure() && steps.mode.outputs.is-automerge == 'true'
env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.branch-name }}
run: |
cd "${MANIFEST_DIR}"
echo ">> Removing branch: ${BRANCH_NAME}"
git push origin --delete "${BRANCH_NAME}" || true
echo ""
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render - Open PR"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Created renderd manifests for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Updated
uses: niniyas/ntfy-action@master
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render - PR Updated"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Updated rendered manifests PR for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.check-for-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Merged
uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render - Automerged"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Automerged manifest rendering for cluster '${CLUSTER}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View Logs", "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'

5
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -81,8 +81,7 @@ volsync-target-data:
enabled: true enabled: true
schedule: 0 8 * * * schedule: 0 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 0 9 * * *
external: external:
enabled: true enabled: true
schedule: 0 10 * * * schedule: 0 9 * * *

8
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 1.0.2 version: 0.47.4
- name: argo-events - name: argo-events
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 2.4.20 version: 2.4.20
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
digest: sha256:31596af063744c13afac459184cd027d922d927f4191446eef63646bada28f8f digest: sha256:772ba83a6e0fa6a7e3633ff1fff0f8221b45a1f36ec890489cfa383330d99f81
generated: "2026-03-14T21:07:58.491981-05:00" generated: "2026-02-27T18:14:32.22595048Z"

6
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -18,15 +18,15 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-workflows - name: argo-workflows
version: 1.0.2 version: 0.47.4
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: argo-events - name: argo-events
version: 2.4.20 version: 2.4.20
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows # renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.2 appVersion: v4.0.1

12
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -1,14 +1,4 @@
argo-workflows: argo-workflows:
crds:
install: true
keep: true
# -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
# Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.2
controller: controller:
metricsConfig: metricsConfig:
enabled: true enabled: true
@@ -115,7 +105,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf # renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.0 appVersion: 2.32.1

44
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,52 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: audiobookshelf-books-nfs-storage name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: audiobookshelf-books-nfs-storage volumeName: audiobookshelf-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-audiobooks-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-podcasts-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

56
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: audiobookshelf-books-nfs-storage name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
@@ -15,57 +15,7 @@ spec:
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
nfs: nfs:
path: /volume2/Storage/Books path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Audiobooks
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Podcasts
server: synologybond.alexlebens.net server: synologybond.alexlebens.net
mountOptions: mountOptions:
- vers=4 - vers=4

30
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -9,7 +9,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.0 tag: 2.32.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -114,26 +114,12 @@ audiobookshelf:
main: main:
- path: /metadata - path: /metadata
readOnly: false readOnly: false
books:
existingClaim: audiobookshelf-books-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Books
readOnly: false
audiobooks: audiobooks:
existingClaim: audiobookshelf-audiobooks-nfs-storage existingClaim: audiobookshelf-nfs-storage
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /mnt/store/Audiobooks - path: /mnt/store/
readOnly: false
podcasts:
existingClaim: audiobookshelf-podcasts-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Podcasts
readOnly: false readOnly: false
volsync-target-config: volsync-target-config:
pvcTarget: audiobookshelf-config pvcTarget: audiobookshelf-config
@@ -141,19 +127,17 @@ volsync-target-config:
enabled: true enabled: true
schedule: 2 8 * * * schedule: 2 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 2 9 * * *
external: external:
enabled: true enabled: true
schedule: 2 10 * * * schedule: 2 9 * * *
volsync-target-metadata: volsync-target-metadata:
pvcTarget: audiobookshelf-metadata pvcTarget: audiobookshelf-metadata
local: local:
enabled: true enabled: true
schedule: 4 8 * * * schedule: 4 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 4 9 * * *
external: external:
enabled: true enabled: true
schedule: 4 10 * * * schedule: 4 9 * * *

6
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:abb34b7bb54393236e695453aa1940497cb4def3d3a56a45ca004a22f8e05648 digest: sha256:fad7059feb4ac80e06cd571a56215d56e4894eba69fb54aaa1e53ced9ec1b2b1
generated: "2026-03-11T22:55:49.936164674Z" generated: "2026-03-09T23:06:05.608952158Z"

2
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -28,7 +28,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey

6
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -68,7 +68,7 @@ postgres-18-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
index: 2 index: 1
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
@@ -91,9 +91,9 @@ postgres-18-cluster:
# isWALArchiver: false # isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: true
immediate: true immediate: true
schedule: "0 5 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

2
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -27,4 +27,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
# renovate: datasource=github-releases depName=garethgeorge/backrest # renovate: datasource=github-releases depName=garethgeorge/backrest
appVersion: v1.12.1 appVersion: v1.12.0

12
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -8,7 +8,7 @@ backrest:
main: main:
image: image:
repository: garethgeorge/backrest repository: garethgeorge/backrest
tag: v1.12.1 tag: v1.12.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -111,19 +111,17 @@ volsync-target-data:
enabled: true enabled: true
schedule: 6 8 * * * schedule: 6 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 6 9 * * *
external: external:
enabled: true enabled: true
schedule: 6 10 * * * schedule: 6 9 * * *
volsync-target-config: volsync-target-config:
pvcTarget: backrest-config pvcTarget: backrest-config
local: local:
enabled: true enabled: true
schedule: 8 8 * * * schedule: 8 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 8 9 * * *
external: external:
enabled: true enabled: true
schedule: 8 10 * * * schedule: 8 9 * * *

2
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -6,7 +6,7 @@ keywords:
- bazarr - bazarr
- servarr - servarr
- subtitles - subtitles
home: https://wiki.alexlebens.dev/s/ home: https://wiki.alexlebens.dev/s/92784d53-1d43-42fd-b509-f42c73454226
sources: sources:
- https://github.com/morpheus65535/bazarr - https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr - https://github.com/linuxserver/docker-bazarr

7
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa tag: 1.5.6@sha256:94eee5e3e14430b7b144d4556be73963a7daf6f1bddc25586627f426465482ce
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -87,8 +87,7 @@ volsync-target-config:
enabled: true enabled: true
schedule: 10 8 * * * schedule: 10 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 10 9 * * *
external: external:
enabled: true enabled: true
schedule: 10 10 * * * schedule: 10 9 * * *

1
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -135,7 +135,6 @@ blocky:
komodo IN CNAME traefik-cl01tl komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl ntfy IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/booklore/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: mariadb-cluster - name: mariadb-cluster
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
version: 26.3.0 version: 25.10.4
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5 digest: sha256:d4c7bf75f72f7eab4ad968bf9f55daac9392c9b2df08f8a27c5dc4f8fffb5f57
generated: "2026-03-14T23:57:22.721295098Z" generated: "2026-03-06T01:06:05.696573273Z"

4
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -18,7 +18,7 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: mariadb-cluster - name: mariadb-cluster
version: 26.3.0 version: 25.10.4
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config
@@ -30,4 +30,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore # renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.2.1 appVersion: v2.1.0

15
clusters/cl01tl/helm/booklore/templates/replication-destination.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: booklore-data-replication-destination
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-destination
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
rsyncTLS:
copyMethod: Direct
accessModes: ["ReadWriteMany"]
destinationPVC: booklore-books-nfs-storage
keySecret: booklore-data-replication-secret

17
clusters/cl01tl/helm/booklore/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-replication-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: "0 0 * * *"
rsyncTLS:
keySecret: booklore-data-replication-secret
address: volsync-rsync-tls-dst-booklore-data-replication-destination
copyMethod: Snapshot

11
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,7 +9,7 @@ booklore:
main: main:
image: image:
repository: ghcr.io/booklore-app/booklore repository: ghcr.io/booklore-app/booklore
tag: v2.2.1 tag: v2.1.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -225,11 +225,10 @@ volsync-target-config:
enabled: true enabled: true
schedule: 12 8 * * * schedule: 12 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 12 9 * * *
external: external:
enabled: true enabled: true
schedule: 12 10 * * * schedule: 12 9 * * *
volsync-target-data: volsync-target-data:
pvcTarget: booklore-data pvcTarget: booklore-data
local: local:
@@ -239,11 +238,11 @@ volsync-target-data:
cacheCapacity: 10Gi cacheCapacity: 10Gi
remote: remote:
enabled: true enabled: true
schedule: 14 9 * * * schedule: 14 10 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
external: external:
enabled: true enabled: true
schedule: 14 10 * * * schedule: 14 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi

7
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main: main:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272 tag: 4.110.0@sha256:8473aa16fba93fccc3ca772173d095bccd2e44d4d3104467fee923df10d57cd2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -79,8 +79,7 @@ volsync-target-config:
enabled: true enabled: true
schedule: 16 8 * * * schedule: 16 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 16 9 * * *
external: external:
enabled: true enabled: true
schedule: 16 10 * * * schedule: 16 9 * * *

2
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -7,7 +7,7 @@ keywords:
- dns - dns
- network - network
- kubernetes - kubernetes
home: https://wiki.alexlebens.dev/s/ home: https://wiki.alexlebens.dev/s/43947ec6-a034-449f-8c76-982ac493b072
sources: sources:
- https://github.com/coredns/coredns - https://github.com/coredns/coredns
- https://github.com/coredns/helm - https://github.com/coredns/helm

2
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,7 +1,7 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: registry.k8s.io/coredns/coredns
tag: v1.14.2 tag: v1.14.1
replicaCount: 3 replicaCount: 3
resources: resources:
requests: requests:

6
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:9524709cf393c01f28b0d073ef6870a2f1afd46f3bc5f564e73c55450aba8dd0 digest: sha256:f21fb0c49396d888de95d0b4c59ed535437422c1b24e622bf074ed0fbb22e03a
generated: "2026-03-11T22:56:11.749729235Z" generated: "2026-03-09T23:06:27.025881262Z"

4
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -18,7 +18,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
@@ -26,4 +26,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.3.3 appVersion: 1.3.2

6
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -9,7 +9,7 @@ dawarich:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.3.3 tag: 1.3.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"] command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"] args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.3.3 tag: 1.3.2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"] command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"] args: ["sidekiq"]
@@ -330,7 +330,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

6
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:0b50b4938669a7210930d6ee86a9602611b54cd13774f3386dbad04b4771e7f4 digest: sha256:2c38827f09e57aeff21409bf223edf3f889069db6d05c39f0404ed0c974cabb3
generated: "2026-03-11T22:56:26.818980186Z" generated: "2026-03-09T23:06:37.271648311Z"

4
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus # renovate: datasource=github-releases depName=directus/directus
appVersion: 11.16.1 appVersion: 11.16.0

37
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -94,43 +94,6 @@ spec:
metadataPolicy: None metadataPolicy: None
property: metric-token property: metric-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-bucket-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-bucket-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret

11
clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-directus
labels:
app.kubernetes.io/name: ceph-bucket-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-directus
storageClassName: ceph-bucket

26
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -9,7 +9,7 @@ directus:
main: main:
image: image:
repository: directus/directus repository: directus/directus
tag: 11.16.1 tag: 11.16.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
@@ -90,22 +90,22 @@ directus:
- name: STORAGE_S3_KEY - name: STORAGE_S3_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-bucket-garage name: ceph-bucket-directus
key: ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: STORAGE_S3_SECRET - name: STORAGE_S3_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-bucket-garage name: ceph-bucket-directus
key: ACCESS_SECRET_KEY key: AWS_SECRET_ACCESS_KEY
- name: STORAGE_S3_REGION
valueFrom:
secretKeyRef:
name: directus-bucket-garage
key: ACCESS_REGION
- name: STORAGE_S3_BUCKET - name: STORAGE_S3_BUCKET
value: directus-assets valueFrom:
configMapKeyRef:
name: ceph-bucket-directus
key: BUCKET_NAME
- name: STORAGE_S3_REGION
value: us-east-1
- name: STORAGE_S3_ENDPOINT - name: STORAGE_S3_ENDPOINT
value: http://garage-main.garage:3900 value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: STORAGE_S3_FORCE_PATH_STYLE - name: STORAGE_S3_FORCE_PATH_STYLE
value: true value: true
- name: AUTH_PROVIDERS - name: AUTH_PROVIDERS
@@ -219,7 +219,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 15 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

6
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.32 version: 1.4.31
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0 version: 2.4.0
digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934 digest: sha256:5066932d870c4803fca9bc4d7b686793e801d96b14026c299e467d8c107fb7eb
generated: "2026-03-11T16:04:17.556777286Z" generated: "2026-03-09T22:04:10.470135964Z"

2
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -17,7 +17,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.32 version: 1.4.31
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: vectorim/element-web repository: vectorim/element-web
tag: v1.12.12 tag: v1.12.11
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev

6
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -7,9 +7,9 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:a3703e245881145524304af8a03c89d309c602479be3f7f8953c2fba120bf341 digest: sha256:99f1993c99c23ba5b3af6997d859cbb18f26343e424c1312f8b6169f285a3418
generated: "2026-03-11T22:56:41.856429843Z" generated: "2026-03-09T22:04:20.416597531Z"

2
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -26,7 +26,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

9
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -197,7 +197,7 @@ postgres-18-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
index: 2 index: 1
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
@@ -222,7 +222,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 20 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -250,8 +250,7 @@ volsync-target-data:
enabled: true enabled: true
schedule: 18 8 * * * schedule: 18 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 18 9 * * *
external: external:
enabled: true enabled: true
schedule: 18 10 * * * schedule: 18 9 * * *

32
clusters/cl01tl/helm/garage/templates/service.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: garage-main
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-main
app.kubernetes.io/service: garage-main
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
ports:
- name: admin
port: 3903
protocol: TCP
targetPort: 3903
- name: rpc
port: 3901
protocol: TCP
targetPort: 3901
- name: s3
port: 3900
protocol: TCP
targetPort: 3900
- name: web
port: 3902
protocol: TCP
targetPort: 3902
selector:
app.kubernetes.io/instance: garage
app.kubernetes.io/name: garage
garage-type: server

28
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -118,9 +118,9 @@ garage:
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: API_BASE_URL - name: API_BASE_URL
value: http://garage-main.garage:3903 value: http://garage-1.garage:3903
- name: S3_ENDPOINT_URL - name: S3_ENDPOINT_URL
value: http://garage-main.garage:3900 value: http://garage-1.garage:3900
- name: API_ADMIN_KEY - name: API_ADMIN_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -225,6 +225,26 @@ garage:
api_bind_addr = "[::]:3903" api_bind_addr = "[::]:3903"
metrics_require_token = true metrics_require_token = true
service: service:
garage-main:
forceRename: garage-main
controller: server-2
ports:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol : HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-1: server-1:
forceRename: garage-1 forceRename: garage-1
controller: server-1 controller: server-1
@@ -302,8 +322,8 @@ garage:
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}' serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints: endpoints:
- port: admin - port: admin
interval: 5m interval: 1m
scrapeTimeout: 2m scrapeTimeout: 30s
path: /metrics path: /metrics
bearerTokenSecret: bearerTokenSecret:
name: garage-token-secret name: garage-token-secret

6
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0 version: 1.5.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:2fe7c088e99a11e0c6dd09fe48bb1e292eb58e22d9f8ff681bb6c6790945d54e digest: sha256:c0c46db33b89b7a53dd512d19d07623a1eaafcc93668f0afacbb8d8c56d71e47
generated: "2026-03-11T22:56:56.957400817Z" generated: "2026-03-06T01:07:17.642671539Z"

2
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -22,7 +22,7 @@ dependencies:
version: 1.5.0 version: 1.5.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

12
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -137,9 +137,6 @@ gatus:
- name: yamtrack - name: yamtrack
url: https://yamtrack.alexlebens.net url: https://yamtrack.alexlebens.net
<<: *defaults <<: *defaults
- name: movie-roulette
url: https://movie-roulette.alexlebens.net
<<: *defaults
- name: jellyfin - name: jellyfin
url: https://jellyfin.alexlebens.net url: https://jellyfin.alexlebens.net
<<: *defaults <<: *defaults
@@ -430,7 +427,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 25 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -446,10 +443,9 @@ volsync-target-data:
pvcTarget: gatus pvcTarget: gatus
local: local:
enabled: true enabled: true
schedule: 20 8 * * * schedule: 22 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 20 9 * * *
external: external:
enabled: true enabled: true
schedule: 20 10 * * * schedule: 22 9 * * *

6
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -13,7 +13,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
@@ -23,5 +23,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:8f243465537fe443e97a8813e23e95d3608a6a2898b93209d03cf43f4ca8cc5d digest: sha256:177a591c68e99a6f63f8acaf904cfc444774814db4ccd3ac410be511d67bbf9c
generated: "2026-03-11T22:57:17.026946319Z" generated: "2026-03-09T23:06:50.110952088Z"

4
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -40,7 +40,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-gitea alias: valkey-gitea
@@ -56,4 +56,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea # renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5 appVersion: 1.25.4

6
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -4,7 +4,7 @@ gitea:
replicaCount: 3 replicaCount: 3
image: image:
repository: gitea/gitea repository: gitea/gitea
tag: 1.25.5 tag: 1.25.4
service: service:
http: http:
type: ClusterIP type: ClusterIP
@@ -222,7 +222,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 7 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -259,7 +259,7 @@ volsync-target-storage:
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 0 0 7 * * * schedule: 0 0 0 * * *
restic: restic:
pruneIntervalDays: 3 pruneIntervalDays: 3
retain: retain:

8
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies: dependencies:
- name: grafana-operator - name: grafana-operator
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
version: 5.22.1 version: 5.22.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:932d9b24ad52ab2a28311f522714ecbad2bedea512ce48d26fcb95cc74b51af9 digest: sha256:6f4dc1456854cad04f387cef6e0a9c846e76eb811bf97f2b7b13877cb3f577bd
generated: "2026-03-14T19:50:53.708173087Z" generated: "2026-03-09T23:07:06.293890171Z"

6
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: grafana-operator - name: grafana-operator
version: 5.22.1 version: 5.22.0
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-unified-alerting alias: valkey-unified-alerting
@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator # renovate: datasource=github-releases depName=grafana/grafana-operator
appVersion: v5.22.1 appVersion: v5.22.0

2
clusters/cl01tl/helm/grafana-operator/values.yaml
View File

@@ -42,7 +42,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 30 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

6
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.2 version: 1.18.2
- name: postgres-cluster - name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:898f51eabee5959b9e7ebe90640cb915cb2dee446e6a6649a29499fecab8b6c7 digest: sha256:ee8ed34cd53d8fa36497df28cba9cf16ef656250b0bc3ff6690fb958b22caf6f
generated: "2026-03-11T22:58:00.955579445Z" generated: "2026-03-09T23:07:20.650108569Z"

4
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
repository: https://helm.goharbor.io repository: https://helm.goharbor.io
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey - name: valkey
alias: valkey alias: valkey
@@ -29,4 +29,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor # renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.14.3 appVersion: v2.14.2

16
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -41,12 +41,12 @@ harbor:
portal: portal:
image: image:
repository: goharbor/harbor-portal repository: goharbor/harbor-portal
tag: v2.14.3 tag: v2.14.2
replicas: 2 replicas: 2
core: core:
image: image:
repository: goharbor/harbor-core repository: goharbor/harbor-core
tag: v2.14.3 tag: v2.14.2
replicas: 2 replicas: 2
existingSecret: harbor-secret existingSecret: harbor-secret
secretName: harbor-secret secretName: harbor-secret
@@ -54,7 +54,7 @@ harbor:
jobservice: jobservice:
image: image:
repository: goharbor/harbor-jobservice repository: goharbor/harbor-jobservice
tag: v2.14.3 tag: v2.14.2
replicas: 2 replicas: 2
jobLoggers: jobLoggers:
- stdout - stdout
@@ -63,11 +63,11 @@ harbor:
registry: registry:
image: image:
repository: goharbor/registry-photon repository: goharbor/registry-photon
tag: v2.14.3 tag: v2.14.2
controller: controller:
image: image:
repository: goharbor/harbor-registryctl repository: goharbor/harbor-registryctl
tag: v2.14.3 tag: v2.14.2
existingSecret: harbor-secret existingSecret: harbor-secret
relativeurls: true relativeurls: true
credentials: credentials:
@@ -94,14 +94,14 @@ harbor:
exporter: exporter:
image: image:
repository: goharbor/harbor-exporter repository: goharbor/harbor-exporter
tag: v2.14.3 tag: v2.14.2
replicas: 2 replicas: 2
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
index: 2 index: 1
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
@@ -126,7 +126,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 35 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

6
clusters/cl01tl/helm/headlamp/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: headlamp - name: headlamp
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
version: 0.40.1 version: 0.40.0
digest: sha256:723a57d6fe86a124b8bae7dfc1dde0c2abd60021837826b486054df00551dc03 digest: sha256:b7f8f176f8c4902130e87660adb39211fd5ca454f89f5a7e9ed577cd4c3a2255
generated: "2026-03-14T15:02:53.184950913Z" generated: "2026-02-05T18:23:45.100522813Z"

2
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: headlamp - name: headlamp
version: 0.40.1 version: 0.40.0
repository: https://kubernetes-sigs.github.io/headlamp/ repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
# renovate: datasource=github-releases depName=headlamp-k8s/headlamp # renovate: datasource=github-releases depName=headlamp-k8s/headlamp

2
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -8,8 +8,6 @@ headlamp:
enabled: true enabled: true
name: headlamp-oidc-secret name: headlamp-oidc-secret
watchPlugins: true watchPlugins: true
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
sessionTTL: null
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

9
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -21,7 +21,7 @@ home-assistant:
code-server: code-server:
image: image:
repository: ghcr.io/linuxserver/code-server repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272 tag: 4.110.0@sha256:8473aa16fba93fccc3ca772173d095bccd2e44d4d3104467fee923df10d57cd2
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -134,10 +134,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 22 8 * * * schedule: 24 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 22 9 * * *
external: external:
enabled: true enabled: true
schedule: 22 10 * * * schedule: 24 9 * * *

2
clusters/cl01tl/helm/homepage/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2 version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
# renovate: datasource=github-releases depName=gethomepage/homepage # renovate: datasource=github-releases depName=gethomepage/homepage
appVersion: v1.11.0 appVersion: v1.10.1

8
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -16,7 +16,7 @@ homepage:
main: main:
image: image:
repository: ghcr.io/gethomepage/homepage repository: ghcr.io/gethomepage/homepage
tag: v1.11.0 tag: v1.10.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: HOMEPAGE_ALLOWED_HOSTS - name: HOMEPAGE_ALLOWED_HOSTS
@@ -160,12 +160,6 @@ homepage:
href: https://yamtrack.alexlebens.net href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80 siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot statusStyle: dot
- Movie Roulette:
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
description: Movie Roulette
href: https://movie-roulette.alexlebens.net
siteMonitor: http://movie-roulette.movie-roulette:80
statusStyle: dot
- Movies and TV: - Movies and TV:
icon: sh-jellyfin.webp icon: sh-jellyfin.webp
description: Jellyfin description: Jellyfin

6
clusters/cl01tl/helm/immich/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:b886b0a1555ea75fbff52a58ccbf1659acbda20e933107bcbab9b00192aa25bd digest: sha256:360f79209535cd9132b7db774aabd6492c2c287e62f00795e5f4ae4cc6a038c0
generated: "2026-03-11T22:58:20.294240859Z" generated: "2026-03-09T23:07:40.320287247Z"

2
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey

8
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -209,7 +209,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 40 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -225,16 +225,16 @@ volsync-target-data:
pvcTarget: immich pvcTarget: immich
local: local:
enabled: true enabled: true
schedule: 24 8 * * * schedule: 28 8 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
remote: remote:
enabled: true enabled: true
schedule: 24 9 * * * schedule: 28 10 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
external: external:
enabled: true enabled: true
schedule: 24 10 * * * schedule: 28 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi

6
clusters/cl01tl/helm/jellyfin/values.yaml
View File

@@ -143,16 +143,14 @@ volsync-target-config:
pvcTarget: jellyfin-config pvcTarget: jellyfin-config
local: local:
enabled: true enabled: true
schedule: 26 8 * * * schedule: 30 8 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
remote: remote:
enabled: true
schedule: 26 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi
external: external:
enabled: true enabled: true
schedule: 26 10 * * * schedule: 30 9 * * *
restic: restic:
cacheCapacity: 10Gi cacheCapacity: 10Gi

6
clusters/cl01tl/helm/jellystat/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:29b92b08c230d5f3abc13949b299acccd1e9f8ff7df1f691a5dec41df5405595 digest: sha256:0f8868c6e89c0f283650db5446e8f36f162cb2179f62eb58e67b5b08c03ac84d
generated: "2026-03-11T22:58:35.766813121Z" generated: "2026-03-06T01:09:37.09922161Z"

2
clusters/cl01tl/helm/jellystat/Chart.yaml
View File

@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data

9
clusters/cl01tl/helm/jellystat/values.yaml
View File

@@ -129,7 +129,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 45 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -145,10 +145,9 @@ volsync-target-data:
pvcTarget: jellystat-data pvcTarget: jellystat-data
local: local:
enabled: true enabled: true
schedule: 28 8 * * * schedule: 32 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 28 9 * * *
external: external:
enabled: true enabled: true
schedule: 28 10 * * * schedule: 32 9 * * *

37
clusters/cl01tl/helm/karakeep/templates/external-secret.yaml
View File

@@ -57,43 +57,6 @@ spec:
metadataPolicy: None metadataPolicy: None
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-bucket-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-bucket-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/karakeep-assets
metadataPolicy: None
property: ACCESS_REGION
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret

11
clusters/cl01tl/helm/karakeep/templates/object-bucket-claim.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-karakeep
labels:
app.kubernetes.io/name: ceph-bucket-karakeep
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-karakeep
storageClassName: ceph-bucket

27
clusters/cl01tl/helm/karakeep/values.yaml
View File

@@ -29,24 +29,24 @@ karakeep:
name: karakeep-key-secret name: karakeep-key-secret
key: prometheus-token key: prometheus-token
- name: ASSET_STORE_S3_ENDPOINT - name: ASSET_STORE_S3_ENDPOINT
value: http://garage-main.garage:3900 value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: ASSET_STORE_S3_REGION - name: ASSET_STORE_S3_REGION
valueFrom: value: us-east-1
secretKeyRef:
name: karakeep-bucket-garage
key: ACCESS_REGION
- name: ASSET_STORE_S3_BUCKET - name: ASSET_STORE_S3_BUCKET
value: karakeep-assets valueFrom:
configMapKeyRef:
name: ceph-bucket-karakeep
key: BUCKET_NAME
- name: ASSET_STORE_S3_ACCESS_KEY_ID - name: ASSET_STORE_S3_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-bucket-garage name: ceph-bucket-karakeep
key: ACCESS_KEY_ID key: AWS_ACCESS_KEY_ID
- name: ASSET_STORE_S3_SECRET_ACCESS_KEY - name: ASSET_STORE_S3_SECRET_ACCESS_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-bucket-garage name: ceph-bucket-karakeep
key: ACCESS_SECRET_KEY key: AWS_SECRET_ACCESS_KEY
- name: ASSET_STORE_S3_FORCE_PATH_STYLE - name: ASSET_STORE_S3_FORCE_PATH_STYLE
value: true value: true
- name: MEILI_ADDR - name: MEILI_ADDR
@@ -172,10 +172,9 @@ volsync-target-data:
pvcTarget: karakeep pvcTarget: karakeep
local: local:
enabled: true enabled: true
schedule: 30 8 * * * schedule: 34 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 30 9 * * *
external: external:
enabled: true enabled: true
schedule: 30 10 * * * schedule: 34 9 * * *

6
clusters/cl01tl/helm/komodo/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
digest: sha256:833a88f82c14f78d63abea99244f2473bee2f5124a533a898a34844956f62b27 digest: sha256:dd1ccfe8d0bfc7248141d2f72806c6437572f21d818941e9071f58d1a0a47259
generated: "2026-03-11T22:58:51.287064579Z" generated: "2026-02-27T18:17:12.586352018Z"

2
clusters/cl01tl/helm/komodo/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgresql-17-fdb-cluster alias: postgresql-17-fdb-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/komodo.png
# renovate: datasource=github-releases depName=moghtech/komodo # renovate: datasource=github-releases depName=moghtech/komodo

4
clusters/cl01tl/helm/komodo/values.yaml
View File

@@ -205,7 +205,7 @@ postgresql-17-fdb-cluster:
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:
index: 2 index: 1
backup: backup:
objectStore: objectStore:
- name: garage-local - name: garage-local
@@ -230,7 +230,7 @@ postgresql-17-fdb-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 50 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true

6
clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
version: 82.10.3 version: 82.10.2
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
digest: sha256:37ffa4a21ed29703cae9c9f3fb029566a1dd6af6e0fe8cc3862a2226d6644114 digest: sha256:9019f0e0bcbe5033457c9d402590b51a1b27e2e6141bfd5d84b9b30a5f666c98
generated: "2026-03-10T19:02:41.11005238Z" generated: "2026-03-09T23:07:53.50141436Z"

2
clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml
View File

@@ -20,7 +20,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: kube-prometheus-stack - name: kube-prometheus-stack
version: 82.10.3 version: 82.10.2
repository: oci://ghcr.io/prometheus-community/charts repository: oci://ghcr.io/prometheus-community/charts
- name: app-template - name: app-template
alias: ntfy-alertmanager alias: ntfy-alertmanager

2
clusters/cl01tl/helm/libation/Chart.yaml
View File

@@ -24,4 +24,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/libation.png
# renovate: datasource=github-releases depName=rmcrackan/Libation # renovate: datasource=github-releases depName=rmcrackan/Libation
appVersion: 13.3.0 appVersion: 13.2.1

9
clusters/cl01tl/helm/libation/values.yaml
View File

@@ -16,7 +16,7 @@ libation:
main: main:
image: image:
repository: rmcrackan/libation repository: rmcrackan/libation
tag: 13.3.0 tag: 13.2.1
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: SLEEP_TIME - name: SLEEP_TIME
@@ -75,10 +75,9 @@ volsync-target-config:
pvcTarget: libation pvcTarget: libation
local: local:
enabled: true enabled: true
schedule: 32 8 * * * schedule: 36 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 32 9 * * *
external: external:
enabled: true enabled: true
schedule: 32 10 * * * schedule: 36 9 * * *

6
clusters/cl01tl/helm/lidarr/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:d43b95fa1fc70c93541b9d73180406b31059c6cc45aa57a0cc8d9386c64833c3 digest: sha256:4511a3475316ebf0bd5da452e69602b7d52746253c659a433e61851f51093285
generated: "2026-03-11T22:59:07.151659257Z" generated: "2026-03-06T01:10:55.882802086Z"

2
clusters/cl01tl/helm/lidarr/Chart.yaml
View File

@@ -24,7 +24,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-config alias: volsync-target-config

11
clusters/cl01tl/helm/lidarr/values.yaml
View File

@@ -15,7 +15,7 @@ lidarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/lidarr repository: ghcr.io/linuxserver/lidarr
tag: 3.1.2-nightly@sha256:2b1b64f07214c6cf05bcfed999aa74ee23825e4bc2ef2c48aba1cd5d5bf968fe tag: 3.1.2-nightly@sha256:f64fabd1737d9c7d519e1a37aba97b2e110d717e1c497a6f9788766f9633cf8f
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: TZ - name: TZ
@@ -167,7 +167,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 55 14 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -188,10 +188,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 34 8 * * * schedule: 38 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 34 9 * * *
external: external:
enabled: true enabled: true
schedule: 34 10 * * * schedule: 38 9 * * *

6
clusters/cl01tl/helm/loki/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: loki - name: loki
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
version: 6.55.0 version: 6.53.0
- name: alloy - name: alloy
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
version: 1.6.2 version: 1.6.2
digest: sha256:463184dc134143723f8567a1ebd228353cf0253a139f0a4e76637ec65aa4aaf1 digest: sha256:88b8ace6bcbcbff4b04727499705fbe94de7fe4b8f0b8aa254a1e7d1d2c65fac
generated: "2026-03-14T18:16:47.779817047Z" generated: "2026-03-10T18:56:19.38475079Z"

2
clusters/cl01tl/helm/loki/Chart.yaml
View File

@@ -16,7 +16,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: loki - name: loki
version: 6.55.0 version: 6.53.0
repository: https://grafana.github.io/helm-charts repository: https://grafana.github.io/helm-charts
- name: alloy - name: alloy
version: 1.6.2 version: 1.6.2

8
clusters/cl01tl/helm/mariadb-operator/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: mariadb-operator - name: mariadb-operator
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
version: 26.3.0 version: 25.10.4
- name: mariadb-operator-crds - name: mariadb-operator-crds
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
version: 26.3.0 version: 25.10.4
digest: sha256:95f9484c385d08f9b15f55cbb0f8d82c55b8c1a055a4c7697335d4ca51c35d7e digest: sha256:fcb4433060885746dd43a5fb4d8b32163d50d97dc4614fbf4c82f966a1723304
generated: "2026-03-14T23:23:02.743862932Z" generated: "2026-01-08T21:21:13.446114122Z"

6
clusters/cl01tl/helm/mariadb-operator/Chart.yaml
View File

@@ -15,11 +15,11 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: mariadb-operator - name: mariadb-operator
version: 26.3.0 version: 25.10.4
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
- name: mariadb-operator-crds - name: mariadb-operator-crds
version: 26.3.0 version: 25.10.4
repository: https://helm.mariadb.com/mariadb-operator repository: https://helm.mariadb.com/mariadb-operator
icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg icon: https://mariadb-operator.github.io/mariadb-operator/assets/mariadb_profile.svg
# renovate: datasource=github-releases depName=mariadb-operator/mariadb-operator # renovate: datasource=github-releases depName=mariadb-operator/mariadb-operator
appVersion: 26.3.0 appVersion: 25.10.4

8
clusters/cl01tl/helm/matrix-synapse/Chart.lock
View File

@@ -1,7 +1,7 @@
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 3.12.23 version: 3.12.22
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
@@ -19,7 +19,7 @@ dependencies:
version: 2.4.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0 version: 0.4.0
@@ -38,5 +38,5 @@ dependencies:
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:fb87880d3de281064519117d8046d7de14f41450ec8ff8c3c603f0179004768e digest: sha256:fc6e3a04b828daf3a0861aec6a7a6d1c9a45fabaf29abd3fb3be2e8db4d0875b
generated: "2026-03-12T11:03:45.232564538Z" generated: "2026-03-09T23:08:07.610958823Z"

6
clusters/cl01tl/helm/matrix-synapse/Chart.yaml
View File

@@ -29,7 +29,7 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: matrix-synapse - name: matrix-synapse
version: 3.12.23 version: 3.12.22
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: app-template - name: app-template
alias: matrix-hookshot alias: matrix-hookshot
@@ -53,7 +53,7 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey-matrix-synapse alias: valkey-matrix-synapse
@@ -81,4 +81,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/matrix.png
# renovate: datasource=github-releases depName=element-hq/synapse # renovate: datasource=github-releases depName=element-hq/synapse
appVersion: v1.149.1 appVersion: v1.149.0

30
clusters/cl01tl/helm/matrix-synapse/values.yaml
View File

@@ -434,7 +434,7 @@ postgres-18-cluster:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 0 15 * * *" schedule: "0 0 0 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup # - name: weekly-backup
# suspend: true # suspend: true
@@ -470,24 +470,22 @@ volsync-target-synapse:
pvcTarget: matrix-synapse pvcTarget: matrix-synapse
local: local:
enabled: true enabled: true
schedule: 36 8 * * * schedule: 44 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 36 9 * * *
external: external:
enabled: true enabled: true
schedule: 36 10 * * * schedule: 44 9 * * *
volsync-target-hookshot: volsync-target-hookshot:
pvcTarget: matrix-hookshot pvcTarget: matrix-hookshot
local: local:
enabled: true enabled: true
schedule: 38 8 * * * schedule: 46 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 38 9 * * *
external: external:
enabled: true enabled: true
schedule: 38 10 * * * schedule: 46 9 * * *
volsync-target-discord: volsync-target-discord:
pvcTarget: mautrix-discord pvcTarget: mautrix-discord
moverSecurityContext: moverSecurityContext:
@@ -495,13 +493,12 @@ volsync-target-discord:
runAsGroup: 1337 runAsGroup: 1337
local: local:
enabled: true enabled: true
schedule: 40 8 * * * schedule: 48 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 40 9 * * *
external: external:
enabled: true enabled: true
schedule: 40 10 * * * schedule: 48 9 * * *
volsync-target-whatsapp: volsync-target-whatsapp:
pvcTarget: mautrix-whatsapp pvcTarget: mautrix-whatsapp
moverSecurityContext: moverSecurityContext:
@@ -509,10 +506,9 @@ volsync-target-whatsapp:
runAsGroup: 1337 runAsGroup: 1337
local: local:
enabled: true enabled: true
schedule: 42 8 * * * schedule: 50 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 42 9 * * *
external: external:
enabled: true enabled: true
schedule: 42 10 * * * schedule: 50 9 * * *

6
clusters/cl01tl/helm/movie-roulette/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
digest: sha256:faa35ccfc18b2d47fad558e168bd3c68e64790fe2b1356881452ae4f5cd8b443
generated: "2026-03-10T16:01:13.738843-05:00"

22
clusters/cl01tl/helm/movie-roulette/Chart.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: v2
name: movie-roulette
version: 1.0.0
description: Movie Roulette
keywords:
- movie-roulette
- jellyfin
home: https://wiki.alexlebens.dev/
sources:
- https://github.com/sahara101/Movie-Roulette
- https://github.com/sahara101/Movie-Roulette/pkgs/container/movie-roulette
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: movie-roulette
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
# renovate: datasource=github-releases depName=sahara101/Movie-Roulette
appVersion: v5.2.1

42
clusters/cl01tl/helm/movie-roulette/templates/external-secret.yaml
View File

@@ -1,42 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: movie-roulette-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: movie-roulette-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/movie-roulette/key
metadataPolicy: None
property: secret-key
- secretKey: jellyfin-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/movie-roulette
metadataPolicy: None
property: jellyfin-key
- secretKey: jellyfin-user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/jellyfin/movie-roulette
metadataPolicy: None
property: user
- secretKey: seerr-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/seerr/key
metadataPolicy: None
property: key

128
clusters/cl01tl/helm/movie-roulette/values.yaml
View File

@@ -1,128 +0,0 @@
movie-roulette:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/sahara101/movie-roulette
tag: v5.2.1
pullPolicy: IfNotPresent
env:
- name: FLASK_SECRET_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: secret-key
- name: CORS_ALLOWED_ORIGINS
value: movie-roulette.alexlebens.net
- name: DISABLE_SETTINGS
value: "TRUE"
- name: AUTH_ENABLED
value: "TRUE"
- name: AUTH_SESSION_LIFETIME
value: "86400"
- name: JELLYFIN_URL
value: http://jellyfin.alexlebens.net
- name: JELLYFIN_API_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: jellyfin-key
- name: JELLYFIN_USER_ID
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: jellyfin-user
- name: LOGIN_BACKDROP_ENABLED
value: "TRUE"
- name: HOMEPAGE_MODE
value: "FALSE"
- name: USE_LINKS
value: "TRUE"
- name: USE_FILTER
value: "TRUE"
- name: USE_WATCH_BUTTON
value: "TRUE"
- name: USE_NEXT_BUTTON
value: "TRUE"
- name: USE_GRID_VIEW
value: "true"
- name: ENABLE_MOBILE_TRUNCATION
value: "TRUE"
- name: SHOW_NOW_WATCHING_CARD
value: "FALSE"
- name: USE_HEROUI_THEME
value: "FALSE"
- name: ENABLE_MOVIE_LOGOS
value: "TRUE"
- name: LOAD_MOVIE_ON_START
value: "FALSE"
- name: SEERR_URL
value: http://seerr.alexlebens.net
- name: SEERR_API_KEY
valueFrom:
secretKeyRef:
name: movie-roulette-config-secret
key: seerr-key
- name: REQUEST_SERVICE_DEFAULT
value: "seerr"
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 80
targetPort: 4000
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- movie-roulette.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: movie-roulette
port: 80
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
data:
forceRename: movie-roulette-data
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 1Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
volsync-target-data:
pvcTarget: movie-roulette-data
local:
enabled: true
schedule: 44 8 * * *
remote:
enabled: true
schedule: 44 9 * * *
external:
enabled: true
schedule: 44 10 * * *

2
clusters/cl01tl/helm/music-grabber/values.yaml
View File

@@ -9,7 +9,7 @@ music-grabber:
main: main:
image: image:
repository: g33kphr33k/musicgrabber repository: g33kphr33k/musicgrabber
tag: 2.4.3 tag: 2.3.5
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
- name: MUSIC_DIR - name: MUSIC_DIR

7
clusters/cl01tl/helm/navidrome/values.yaml
View File

@@ -178,10 +178,9 @@ volsync-target-data:
fsGroupChangePolicy: OnRootMismatch fsGroupChangePolicy: OnRootMismatch
local: local:
enabled: true enabled: true
schedule: 46 8 * * * schedule: 52 8 * * *
remote: remote:
enabled: true enabled: false
schedule: 46 9 * * *
external: external:
enabled: true enabled: true
schedule: 46 10 * * * schedule: 52 9 * * *

6
clusters/cl01tl/helm/ollama/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.9.1 version: 7.8.0
- name: volsync-target - name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0 version: 0.8.0
digest: sha256:a3201fc53ddfbaeb5a81d08e9d20135fb59174879e20f0b4986b1b8540011e03 digest: sha256:a6aa65545de5125a27cf0324f6e8cbd6d69471ca32f32083cc0f1d3fd49efa15
generated: "2026-03-11T22:59:44.389634096Z" generated: "2026-03-06T01:12:09.026288121Z"

4
clusters/cl01tl/helm/ollama/Chart.yaml
View File

@@ -23,7 +23,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.9.1 version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target - name: volsync-target
alias: volsync-target-data alias: volsync-target-data
@@ -31,4 +31,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ollama.png
# renovate: datasource=github-releases depName=ollama/ollama # renovate: datasource=github-releases depName=ollama/ollama
appVersion: 0.18.0 appVersion: 0.17.7

Some files were not shown because too many files have changed in this diff Show More