Compare commits
1 Commits
main
...
f13368c942
| Author | SHA1 | Date | |
|---|---|---|---|
f13368c942
|
@@ -55,7 +55,6 @@ jobs:
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.19.2
|
||||
cache: true
|
||||
|
||||
- name: Check Directories for Changes
|
||||
id: check-dir-changes
|
||||
|
||||
@@ -38,13 +38,6 @@ jobs:
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
|
||||
cache: true
|
||||
|
||||
- name: Configure Kubeconfig
|
||||
uses: azure/k8s-set-context@v4
|
||||
with:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
id: prepare-manifest-branch
|
||||
@@ -192,17 +185,17 @@ jobs:
|
||||
"stack")
|
||||
echo ""
|
||||
echo ">> Special Rendering for stack into argocd namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
|
||||
echo ""
|
||||
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo ">> Standard Rendering for $chart_name ..."
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
@@ -32,13 +32,6 @@ jobs:
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
|
||||
cache: true
|
||||
|
||||
- name: Configure Kubeconfig
|
||||
uses: azure/k8s-set-context@v4
|
||||
with:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
run: |
|
||||
@@ -114,6 +107,24 @@ jobs:
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Remove Changed Manifest Files
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
env:
|
||||
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
|
||||
run: |
|
||||
cd ${MANIFEST_DIR}
|
||||
|
||||
echo ">> Remove manfiest files and rebuild from source ..."
|
||||
|
||||
for dir in ${RENDER_DIR}; do
|
||||
chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
|
||||
|
||||
echo "$chart_path"
|
||||
rm -rf $chart_path/*
|
||||
done
|
||||
|
||||
echo "----"
|
||||
|
||||
- name: Render Helm Manifests
|
||||
id: render-manifests
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
@@ -159,17 +170,17 @@ jobs:
|
||||
"stack")
|
||||
echo ""
|
||||
echo ">> Special Rendering for stack into argocd namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
|
||||
echo ""
|
||||
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo ">> Standard Rendering for $chart_name ..."
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
@@ -39,13 +39,6 @@ jobs:
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
|
||||
cache: true
|
||||
|
||||
- name: Configure Kubeconfig
|
||||
uses: azure/k8s-set-context@v4
|
||||
with:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
run: |
|
||||
@@ -197,17 +190,17 @@ jobs:
|
||||
"stack")
|
||||
echo ""
|
||||
echo ">> Special Rendering for stack into argocd namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
|
||||
echo ""
|
||||
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo ">> Standard Rendering for $chart_name ..."
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
@@ -37,13 +37,6 @@ jobs:
|
||||
with:
|
||||
token: ${{ secrets.GITEA_TOKEN }}
|
||||
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
|
||||
cache: true
|
||||
|
||||
- name: Configure Kubeconfig
|
||||
uses: azure/k8s-set-context@v4
|
||||
with:
|
||||
method: kubeconfig
|
||||
kubeconfig: ${{ secrets.KUBECONFIG }}
|
||||
|
||||
- name: Prepare Manifest Branch
|
||||
run: |
|
||||
@@ -195,17 +188,17 @@ jobs:
|
||||
"stack")
|
||||
echo ""
|
||||
echo ">> Special Rendering for stack into argocd namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run)
|
||||
;;
|
||||
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
|
||||
echo ""
|
||||
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run)
|
||||
;;
|
||||
*)
|
||||
echo ""
|
||||
echo ">> Standard Rendering for $chart_name ..."
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
|
||||
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run)
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
1
.gitignore
vendored
1
.gitignore
vendored
@@ -1,4 +1,3 @@
|
||||
/**/archive/
|
||||
/**/charts/
|
||||
/**/manifests/
|
||||
/**/tmpcharts*/
|
||||
|
||||
@@ -2,12 +2,6 @@
|
||||
|
||||
GitOps definied infrastrucutre for the alexlebens.net domain.
|
||||
|
||||
## Stack-cl01tl
|
||||
|
||||
https://argocd.alexlebens.net/api/badge?name=stack-cl01tl&revision=true&showAppName=true
|
||||
|
||||
App-of-Apps Application for cl01tl
|
||||
|
||||
## License
|
||||
|
||||
This project is licensed under the terms of the Apache 2.0 License license.
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:09dae69cd64556ed0b8ce2d8afe304720af3a71f64610ee6c70219572ccfdf5e
|
||||
generated: "2025-12-18T02:42:53.481944952Z"
|
||||
version: 0.3.0
|
||||
digest: sha256:3763d6c5c0b45219235229aa1d72bfa426abd29aa8d92c1b1ca958b6afb3bfc8
|
||||
generated: "2025-12-15T17:43:51.908308-06:00"
|
||||
|
||||
@@ -19,7 +19,7 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.6.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
|
||||
appVersion: 25.12.0
|
||||
|
||||
28
clusters/cl01tl/helm/actual/templates/http-route.yaml
Normal file
28
clusters/cl01tl/helm/actual/templates/http-route.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-actual
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-actual
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- actual.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: actual
|
||||
port: 80
|
||||
weight: 100
|
||||
@@ -42,27 +42,6 @@ actual:
|
||||
port: 80
|
||||
targetPort: 5006
|
||||
protocol: HTTP
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- actual.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: actual
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
data:
|
||||
forceRename: actual-data
|
||||
|
||||
@@ -7,6 +7,6 @@ dependencies:
|
||||
version: 2.4.19
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.4.3
|
||||
digest: sha256:6de7da41d9317d7942a455226e5eae682f32f1bbb7d0287b9306de847bd56fdb
|
||||
generated: "2025-12-22T23:17:37.4042-06:00"
|
||||
version: 7.1.1
|
||||
digest: sha256:796a0f9ae054268c9a4e2752f29004b6547e5ee41e623b8506b531f6836b7313
|
||||
generated: "2025-12-15T14:27:02.068848-06:00"
|
||||
|
||||
@@ -25,7 +25,7 @@ dependencies:
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
appVersion: v3.7.6
|
||||
|
||||
@@ -26,3 +26,70 @@ spec:
|
||||
key: /authentik/oidc/argo-workflows
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argo-workflows-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argo-workflows-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argo-workflows-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: argo-workflows
|
||||
name: http-route-argo-workflows
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argo-workflows
|
||||
app.kubernetes.io/name: http-route-argo-workflows
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -77,43 +77,55 @@ argo-events:
|
||||
memory: 128Mi
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
storage:
|
||||
storageClass: local-path
|
||||
walStorage:
|
||||
storageClass: local-path
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
index: 1
|
||||
endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
|
||||
endpointCredentialsIncludeRegion: true
|
||||
retentionPolicy: "3d"
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# - name: external
|
||||
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# retentionPolicy: "30d"
|
||||
# isWALArchiver: false
|
||||
# - name: garage-remote
|
||||
# destinationPath: s3://postgres-backups/cl01tl/argo-workflows/argo-workflows-postgresql-18-cluster
|
||||
# index: 1
|
||||
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
|
||||
# endpointCredentials: argo-workflows-postgresql-18-cluster-backup-secret-garage
|
||||
# endpointCredentialsIncludeRegion: true
|
||||
# retentionPolicy: "30d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: daily-backup
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 9.1.10
|
||||
digest: sha256:4970c90a7ba115a91006f27161b7fbb2e197250a548ab49f0451aab6cbe12d53
|
||||
generated: "2025-12-23T23:20:06.41177841Z"
|
||||
version: 9.1.8
|
||||
digest: sha256:4d2089dba47c25af1126a5397f001bb114f6c464b20493c382c4c7b315e42c24
|
||||
generated: "2025-12-17T01:21:10.460753309Z"
|
||||
|
||||
@@ -15,7 +15,7 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
version: 9.1.10
|
||||
version: 9.1.8
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
appVersion: v3.2.1
|
||||
|
||||
@@ -50,39 +50,39 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-gitea-repo-infrastructure-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: type
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
metadataPolicy: None
|
||||
property: type
|
||||
- secretKey: url
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
metadataPolicy: None
|
||||
property: url
|
||||
- secretKey: sshPrivateKey
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
metadataPolicy: None
|
||||
property: sshPrivateKey
|
||||
# ---
|
||||
# apiVersion: external-secrets.io/v1
|
||||
# kind: ExternalSecret
|
||||
# metadata:
|
||||
# name: argocd-gitea-repo-infrastructure-secret
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# secretStoreRef:
|
||||
# kind: ClusterSecretStore
|
||||
# name: vault
|
||||
# data:
|
||||
# - secretKey: type
|
||||
# remoteRef:
|
||||
# conversionStrategy: Default
|
||||
# decodingStrategy: None
|
||||
# key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
# metadataPolicy: None
|
||||
# property: type
|
||||
# - secretKey: url
|
||||
# remoteRef:
|
||||
# conversionStrategy: Default
|
||||
# decodingStrategy: None
|
||||
# key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
# metadataPolicy: None
|
||||
# property: url
|
||||
# - secretKey: sshPrivateKey
|
||||
# remoteRef:
|
||||
# conversionStrategy: Default
|
||||
# decodingStrategy: None
|
||||
# key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
# metadataPolicy: None
|
||||
# property: sshPrivateKey
|
||||
|
||||
28
clusters/cl01tl/helm/argocd/templates/http-route.yaml
Normal file
28
clusters/cl01tl/helm/argocd/templates/http-route.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-argocd
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-argocd
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- argocd.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: argocd-server
|
||||
port: 80
|
||||
weight: 100
|
||||
@@ -29,6 +29,18 @@ argo-cd:
|
||||
rbac:
|
||||
policy.csv: |
|
||||
g, ArgoCD Admins, role:admin
|
||||
cmp:
|
||||
create: true
|
||||
plugins:
|
||||
cdk8s:
|
||||
init:
|
||||
command: [cdk8s]
|
||||
args: [import]
|
||||
generate:
|
||||
command: [cdk8s, synth]
|
||||
args: [--stdout]
|
||||
discover:
|
||||
fileName: "*.go"
|
||||
controller:
|
||||
replicas: 1
|
||||
metrics:
|
||||
@@ -65,22 +77,34 @@ argo-cd:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
httproute:
|
||||
enabled: true
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- argocd.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
ingress:
|
||||
enabled: false
|
||||
repoServer:
|
||||
replicas: 2
|
||||
extraContainers:
|
||||
- name: cmp-cdk8s
|
||||
command:
|
||||
- /var/run/argocd/argocd-cmp-server
|
||||
image: ghcr.io/akuity/cdk8s-cmp-typescript:1.0
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
runAsUser: 999
|
||||
volumeMounts:
|
||||
- mountPath: /var/run/argocd
|
||||
name: var-files
|
||||
- mountPath: /home/argocd/cmp-server/plugins
|
||||
name: plugins
|
||||
- mountPath: /home/argocd/cmp-server/config/plugin.yaml
|
||||
subPath: cdk8s.yaml
|
||||
name: argocd-cmp-cm
|
||||
- mountPath: /tmp
|
||||
name: cmp-tmp
|
||||
volumes:
|
||||
- name: argocd-cmp-cm
|
||||
configMap:
|
||||
name: argocd-cmp-cm
|
||||
- name: cmp-tmp
|
||||
emptyDir: {}
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.3.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:67571554c39c1acdb1cd286024e7bdc0d7c94f0c4bfff5bf5fb225817f495616
|
||||
generated: "2025-12-18T02:43:02.876706511Z"
|
||||
version: 0.3.0
|
||||
digest: sha256:88e0d8008795451a64f3a2e4fa4fc120d48cef4badb4305e8e60afbb494352c5
|
||||
generated: "2025-12-15T18:19:02.989735-06:00"
|
||||
|
||||
@@ -21,11 +21,11 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.6.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-metadata
|
||||
version: 0.6.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
appVersion: 2.31.0
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-audiobookshelf
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-audiobookshelf
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- audiobookshelf.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: audiobookshelf
|
||||
port: 80
|
||||
weight: 100
|
||||
@@ -0,0 +1,19 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: audiobookshelf-apprise
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-apprise
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
- port: apprise
|
||||
interval: 30s
|
||||
scrapeTimeout: 15s
|
||||
path: /metrics
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: audiobookshelf
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
@@ -57,40 +57,6 @@ audiobookshelf:
|
||||
port: 8000
|
||||
targetPort: 8000
|
||||
protocol: HTTP
|
||||
serviceMonitor:
|
||||
main:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: audiobookshelf
|
||||
app.kubernetes.io/instance: audiobookshelf
|
||||
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
|
||||
endpoints:
|
||||
- port: apprise
|
||||
scheme: http
|
||||
path: /metrics
|
||||
interval: 30s
|
||||
scrapeTimeout: 15s
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- audiobookshelf.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: audiobookshelf
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
config:
|
||||
forceRename: audiobookshelf-config
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
dependencies:
|
||||
- name: authentik
|
||||
repository: https://charts.goauthentik.io/
|
||||
version: 2025.10.3
|
||||
version: 2025.10.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:d250e40d77b3010d55c258e264e36de060a6dbdb78fe56bdbfbc427692cfdcc7
|
||||
generated: "2025-12-23T16:28:00.416521-06:00"
|
||||
digest: sha256:e593d25ebf07b1274768045f028e1ceeccbcdc1c8e35414d6bbd9a8d09086991
|
||||
generated: "2025-12-15T14:36:33.783343-06:00"
|
||||
|
||||
@@ -21,14 +21,15 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: authentik
|
||||
version: 2025.10.3
|
||||
version: 2025.10.2
|
||||
repository: https://charts.goauthentik.io/
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: redis-replication
|
||||
version: 0.5.0
|
||||
|
||||
@@ -19,3 +19,93 @@ spec:
|
||||
key: /cl01tl/authentik/key
|
||||
metadataPolicy: None
|
||||
property: key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: authentik-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: authentik-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/authentik
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: authentik-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: authentik-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: authentik-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
|
||||
28
clusters/cl01tl/helm/authentik/templates/http-route.yaml
Normal file
28
clusters/cl01tl/helm/authentik/templates/http-route.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-authentik
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- authentik.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: authentik-server
|
||||
port: 80
|
||||
weight: 100
|
||||
@@ -36,23 +36,8 @@ authentik:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
route:
|
||||
main:
|
||||
enabled: true
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
hostnames:
|
||||
- authentik.alexlebens.net
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
httpsRedirect: false
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
ingress:
|
||||
enabled: false
|
||||
worker:
|
||||
name: worker
|
||||
replicas: 1
|
||||
@@ -63,48 +48,62 @@ authentik:
|
||||
enabled: false
|
||||
redis:
|
||||
enabled: false
|
||||
cloudflared:
|
||||
existingSecretName: authentik-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
storage:
|
||||
storageClass: local-path
|
||||
walStorage:
|
||||
storageClass: local-path
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
index: 1
|
||||
endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
|
||||
endpointCredentialsIncludeRegion: true
|
||||
retentionPolicy: "3d"
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# - name: external
|
||||
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/authentik/authentik-postgresql-18-cluster
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# retentionPolicy: "30d"
|
||||
# isWALArchiver: false
|
||||
# - name: garage-remote
|
||||
# destinationPath: s3://postgres-backups/cl01tl/authentik/authentik-postgresql-18-cluster
|
||||
# index: 1
|
||||
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
|
||||
# endpointCredentials: authentik-postgresql-18-cluster-backup-secret-garage
|
||||
# retentionPolicy: "30d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
# jobs: 2
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
# - name: weekly-backup
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
redis-replication:
|
||||
existingSecret:
|
||||
enabled: false
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.3.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:ba31d044402f9da6705f64d21a0947730a37526fce047891162cfd2b21b8d08a
|
||||
generated: "2025-12-18T02:43:14.604382042Z"
|
||||
version: 0.3.0
|
||||
digest: sha256:13c950ad5cd6accd192e6768557c0df74af2cd767d2372dc38c1cdb7e1563399
|
||||
generated: "2025-12-15T18:33:59.961957-06:00"
|
||||
|
||||
@@ -19,11 +19,11 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.6.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.6.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
|
||||
appVersion: v1.10.1
|
||||
|
||||
28
clusters/cl01tl/helm/backrest/templates/http-route.yaml
Normal file
28
clusters/cl01tl/helm/backrest/templates/http-route.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-backrest
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-backrest
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- backrest.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: backrest
|
||||
port: 80
|
||||
weight: 100
|
||||
14
clusters/cl01tl/helm/backrest/templates/service.yaml
Normal file
14
clusters/cl01tl/helm/backrest/templates/service.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: garage-ps10rp
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-ps10rp
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
annotations:
|
||||
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
|
||||
spec:
|
||||
externalName: placeholder
|
||||
type: ExternalName
|
||||
@@ -33,27 +33,6 @@ backrest:
|
||||
port: 80
|
||||
targetPort: 9898
|
||||
protocol: TCP
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- backrest.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: backrest
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
data:
|
||||
forceRename: backrest-data
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:20237b7a0548ae3458b4765e01aef39b5e072da5390305eb7815b086eef4983a
|
||||
generated: "2025-12-18T02:43:26.844170003Z"
|
||||
version: 0.5.0
|
||||
digest: sha256:cb702f316026bdb487ace1abec56cc3c505376cf14a45528e3e593e4cc7effab
|
||||
generated: "2025-12-15T19:04:05.574701-06:00"
|
||||
|
||||
@@ -21,7 +21,7 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
|
||||
appVersion: 1.5.3
|
||||
|
||||
28
clusters/cl01tl/helm/bazarr/templates/http-route.yaml
Normal file
28
clusters/cl01tl/helm/bazarr/templates/http-route.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-bazarr
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-bazarr
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- bazarr.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: bazarr
|
||||
port: 80
|
||||
weight: 100
|
||||
@@ -15,7 +15,7 @@ bazarr:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/bazarr
|
||||
tag: 1.5.3@sha256:001875e61839c8a50743f0bc0fa4da2a55ed8a038b9b5ed0dd2c663dd3d0bfc7
|
||||
tag: 1.5.3@sha256:648f694532a3a53d8cf78bc888919ef538659bad41af4c680b0427ad1047d171
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -36,27 +36,6 @@ bazarr:
|
||||
port: 80
|
||||
targetPort: 6767
|
||||
protocol: HTTP
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- bazarr.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: bazarr
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
config:
|
||||
forceRename: bazarr-config
|
||||
|
||||
19
clusters/cl01tl/helm/blocky/templates/service-monitor.yaml
Normal file
19
clusters/cl01tl/helm/blocky/templates/service-monitor.yaml
Normal file
@@ -0,0 +1,19 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: blocky
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: blocky
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: blocky
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
endpoints:
|
||||
- port: metrics
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
path: /metrics
|
||||
@@ -129,6 +129,7 @@ blocky:
|
||||
huntarr IN CNAME traefik-cl01tl
|
||||
immich IN CNAME traefik-cl01tl
|
||||
jellyfin IN CNAME traefik-cl01tl
|
||||
jellyfin-vue IN CNAME traefik-cl01tl
|
||||
jellystat IN CNAME traefik-cl01tl
|
||||
kiwix IN CNAME traefik-cl01tl
|
||||
komodo IN CNAME traefik-cl01tl
|
||||
@@ -288,19 +289,6 @@ blocky:
|
||||
port: 4000
|
||||
targetPort: 4000
|
||||
protocol: TCP
|
||||
serviceMonitor:
|
||||
main:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: blocky
|
||||
app.kubernetes.io/instance: blocky
|
||||
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
|
||||
endpoints:
|
||||
- port: metrics
|
||||
scheme: http
|
||||
path: /metrics
|
||||
interval: 30s
|
||||
scrapeTimeout: 10s
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
|
||||
@@ -7,9 +7,9 @@ dependencies:
|
||||
version: 25.10.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:bc29fb12a2a7fde74e243be7ee4c22f4de82cdb6867ab95ddbd47e1d755b8a82
|
||||
generated: "2025-12-18T02:43:39.236584539Z"
|
||||
version: 0.5.0
|
||||
digest: sha256:6981b2c060c19bac6517578bd9b5b11a300a4deb431110bf90da317237a4a252
|
||||
generated: "2025-12-15T19:15:49.886575-06:00"
|
||||
|
||||
@@ -22,11 +22,11 @@ dependencies:
|
||||
repository: https://helm.mariadb.com/mariadb-operator
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
|
||||
appVersion: v1.13.2
|
||||
|
||||
28
clusters/cl01tl/helm/booklore/templates/http-route.yaml
Normal file
28
clusters/cl01tl/helm/booklore/templates/http-route.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-booklore
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-booklore
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- booklore.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: booklore
|
||||
port: 80
|
||||
weight: 100
|
||||
14
clusters/cl01tl/helm/booklore/templates/service.yaml
Normal file
14
clusters/cl01tl/helm/booklore/templates/service.yaml
Normal file
@@ -0,0 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: garage-ps10rp
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-ps10rp
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
annotations:
|
||||
tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net
|
||||
spec:
|
||||
externalName: placeholder
|
||||
type: ExternalName
|
||||
@@ -9,7 +9,7 @@ booklore:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/booklore-app/booklore
|
||||
tag: v1.15.0
|
||||
tag: v1.13.2
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -39,27 +39,6 @@ booklore:
|
||||
port: 80
|
||||
targetPort: 6060
|
||||
protocol: HTTP
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- booklore.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: booklore
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
config:
|
||||
forceRename: booklore-config
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: cilium
|
||||
repository: https://helm.cilium.io/
|
||||
version: 1.18.5
|
||||
digest: sha256:b997853961dca1ed43d32b58b17e6e592581eb555db0b1457b168251cf3aaa45
|
||||
generated: "2025-12-17T16:05:05.870297681Z"
|
||||
version: 1.18.4
|
||||
digest: sha256:e38eb92ee87c9a52b0f45a2451142ade02bac7d484b246d32379eacce3800bc8
|
||||
generated: "2025-12-02T17:17:49.043599-06:00"
|
||||
|
||||
@@ -15,7 +15,7 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: cilium
|
||||
version: 1.18.5
|
||||
version: 1.18.4
|
||||
repository: https://helm.cilium.io/
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
|
||||
appVersion: 1.18.4
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: hubble
|
||||
name: http-route-hubble
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: hubble
|
||||
app.kubernetes.io/name: http-route-hubble
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -60,7 +60,7 @@ cilium:
|
||||
method: cronJob
|
||||
relay:
|
||||
enabled: true
|
||||
prometheus:
|
||||
metrics:
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
ui:
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:8f24ac0aa7245c517cd68f4e9fb97de110620922b9bbdf3270e83aa4ad201324
|
||||
generated: "2025-12-18T02:43:53.325443712Z"
|
||||
version: 0.5.0
|
||||
digest: sha256:bd1cbd66ccb360978a342ee218bfb01006a486fb85c5714acd593b9e1389b151
|
||||
generated: "2025-12-15T21:50:58.968382-06:00"
|
||||
|
||||
@@ -21,11 +21,12 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
|
||||
appVersion: 4.106.3
|
||||
|
||||
@@ -26,3 +26,26 @@ spec:
|
||||
key: /cl01tl/code-server/auth
|
||||
metadataPolicy: None
|
||||
property: SUDO_PASSWORD
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: code-server-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: code-server-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/codeserver
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
28
clusters/cl01tl/helm/code-server/templates/http-route.yaml
Normal file
28
clusters/cl01tl/helm/code-server/templates/http-route.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-code-server
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-code-server
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- code-server.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: code-server
|
||||
port: 8443
|
||||
weight: 100
|
||||
@@ -9,7 +9,7 @@ code-server:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/linuxserver/code-server
|
||||
tag: 4.107.0@sha256:0d48d3a48b7db214556bea453ed371f0d295130fb5c3d43534aedb41627446f2
|
||||
tag: 4.106.3@sha256:83793e4460090d6c46f4842ff6ab8aa26ad8a567885112bbe754b45c61935055
|
||||
pullPolicy: IfNotPresent
|
||||
env:
|
||||
- name: TZ
|
||||
@@ -35,27 +35,6 @@ code-server:
|
||||
port: 8443
|
||||
targetPort: 8443
|
||||
protocol: HTTP
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- code-server.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: code-server
|
||||
port: 8443
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
config:
|
||||
forceRename: code-server-config
|
||||
@@ -68,6 +47,8 @@ code-server:
|
||||
main:
|
||||
- path: /config
|
||||
readOnly: false
|
||||
cloudflared:
|
||||
existingSecretName: code-server-cloudflared-secret
|
||||
volsync-target-config:
|
||||
pvcTarget: code-server-config
|
||||
moverSecurityContext:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
coredns:
|
||||
image:
|
||||
repository: registry.k8s.io/coredns/coredns
|
||||
tag: v1.13.2
|
||||
tag: v1.13.1
|
||||
replicaCount: 3
|
||||
resources:
|
||||
requests:
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:d9c95b9a697ebe9fb98ebb2a5e2f7058c26b9207742eadcd56f278ff36d00855
|
||||
generated: "2025-12-23T16:47:50.269275-06:00"
|
||||
digest: sha256:1035fe225f5439c73fdc8b498c2164bad362e0198bc2ad40eab6b5d0bae9f86d
|
||||
generated: "2025-12-15T14:37:45.474556-06:00"
|
||||
|
||||
@@ -22,11 +22,12 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
alias: cloudflared-directus
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: redis-replication
|
||||
version: 0.5.0
|
||||
|
||||
@@ -41,36 +41,6 @@ spec:
|
||||
metadataPolicy: None
|
||||
property: key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/directus
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/directus
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
@@ -123,3 +93,123 @@ spec:
|
||||
key: /cl01tl/directus/redis
|
||||
metadataPolicy: None
|
||||
property: password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/directus
|
||||
metadataPolicy: None
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /authentik/oidc/directus
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/directus
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
|
||||
22
clusters/cl01tl/helm/directus/templates/service-monitor.yaml
Normal file
22
clusters/cl01tl/helm/directus/templates/service-monitor.yaml
Normal file
@@ -0,0 +1,22 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: directus
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: directus
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
endpoints:
|
||||
- port: http
|
||||
interval: 30s
|
||||
scrapeTimeout: 15s
|
||||
path: /metrics
|
||||
bearerTokenSecret:
|
||||
name: directus-metric-token
|
||||
key: metric-token
|
||||
@@ -153,63 +153,63 @@ directus:
|
||||
port: 80
|
||||
targetPort: 8055
|
||||
protocol: TCP
|
||||
serviceMonitor:
|
||||
main:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: directus
|
||||
app.kubernetes.io/instance: directus
|
||||
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
|
||||
endpoints:
|
||||
- port: http
|
||||
interval: 30s
|
||||
scrapeTimeout: 15s
|
||||
path: /metrics
|
||||
bearerTokenSecret:
|
||||
name: directus-metric-token
|
||||
key: metric-token
|
||||
cloudflared-directus:
|
||||
name: cloudflared-directus
|
||||
existingSecretName: directus-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
storage:
|
||||
storageClass: local-path
|
||||
walStorage:
|
||||
storageClass: local-path
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
index: 1
|
||||
endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
|
||||
endpointCredentialsIncludeRegion: true
|
||||
retentionPolicy: "3d"
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# - name: external
|
||||
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/directus/directus-postgresql-18-cluster
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# retentionPolicy: "30d"
|
||||
# isWALArchiver: false
|
||||
# - name: garage-remote
|
||||
# destinationPath: s3://postgres-backups/cl01tl/directus/directus-postgresql-18-cluster
|
||||
# index: 1
|
||||
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
|
||||
# endpointCredentials: directus-postgresql-18-cluster-backup-secret-garage
|
||||
# retentionPolicy: "30d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
# jobs: 2
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
# - name: weekly-backup
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
redis-replication:
|
||||
existingSecret:
|
||||
enabled: true
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 1.4.26
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
digest: sha256:640ff55a95ff9fd12716bc76106d13189867832f905eaa393b5f67553bd8c961
|
||||
generated: "2025-12-17T19:05:53.062353-06:00"
|
||||
version: 1.23.2
|
||||
digest: sha256:f9196cbede894c6da6ecedd9ae05d3f1fd0e20304eca8ca38c18334a923b2235
|
||||
generated: "2025-12-07T02:54:29.895481505Z"
|
||||
|
||||
@@ -20,7 +20,8 @@ dependencies:
|
||||
version: 1.4.26
|
||||
repository: https://ananace.gitlab.io/charts
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
|
||||
appVersion: v1.12.6
|
||||
|
||||
@@ -0,0 +1,21 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: element-web-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: element-web-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/element
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
@@ -2,7 +2,7 @@ element-web:
|
||||
replicaCount: 1
|
||||
image:
|
||||
repository: vectorim/element-web
|
||||
tag: v1.12.7
|
||||
tag: v1.12.6
|
||||
pullPolicy: IfNotPresent
|
||||
defaultServer:
|
||||
url: https://matrix.alexlebens.dev
|
||||
@@ -24,3 +24,5 @@ element-web:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 128Mi
|
||||
cloudflared:
|
||||
existingSecretName: element-web-cloudflared-secret
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:c6d6edb1e46805147b2b8bc9371e807113480c9a97687c5a856cf7b64a204cbd
|
||||
generated: "2025-12-18T02:44:09.319124495Z"
|
||||
version: 0.3.0
|
||||
digest: sha256:476021b852fbbd829570bcb88309eea92bd096cb4ec79efe2d895ee0c46f1c49
|
||||
generated: "2025-12-15T21:43:24.262051-06:00"
|
||||
|
||||
@@ -21,7 +21,7 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 0.6.0
|
||||
version: 0.3.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/ephemera.png
|
||||
appVersion: 1.3.1
|
||||
|
||||
28
clusters/cl01tl/helm/ephemera/templates/http-route.yaml
Normal file
28
clusters/cl01tl/helm/ephemera/templates/http-route.yaml
Normal file
@@ -0,0 +1,28 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-ephemera
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-ephemera
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- ephemera.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: ephemera
|
||||
port: 80
|
||||
weight: 100
|
||||
@@ -80,27 +80,6 @@ ephemera:
|
||||
port: 80
|
||||
targetPort: 8286
|
||||
protocol: HTTP
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- ephemera.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: ephemera
|
||||
port: 80
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
config:
|
||||
forceRename: ephemera
|
||||
|
||||
@@ -76,12 +76,6 @@ spec:
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.82
|
||||
# Shelly Plug
|
||||
- dnsName: it05sp.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.100
|
||||
|
||||
---
|
||||
apiVersion: externaldns.k8s.io/v1alpha1
|
||||
@@ -151,7 +145,7 @@ spec:
|
||||
targets:
|
||||
- 10.232.1.22
|
||||
# Treafik Proxy
|
||||
- dnsName: plex-lb.alexlebens.net
|
||||
- dnsName: plex.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: external-secrets
|
||||
repository: https://charts.external-secrets.io
|
||||
version: 1.2.0
|
||||
digest: sha256:6e713c4b50c14d9daf1758d9f169d10a8c7274d2c42490846817b6fb1a3ce558
|
||||
generated: "2025-12-20T01:04:35.136580598Z"
|
||||
version: 1.1.1
|
||||
digest: sha256:d346563864c95c4ca3fe5f04f6b292e417069d171f5866b5af0fe84277481493
|
||||
generated: "2025-12-06T18:01:23.564488208Z"
|
||||
|
||||
@@ -12,7 +12,7 @@ sources:
|
||||
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
|
||||
dependencies:
|
||||
- name: external-secrets
|
||||
version: 1.2.0
|
||||
version: 1.1.1
|
||||
repository: https://charts.external-secrets.io
|
||||
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
|
||||
appVersion: v1.1.1
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:a73351fc38c927eb7fef8c536069b21ca4d99e3ffb193ee64d9b93dbdc728ec4
|
||||
generated: "2025-12-23T17:04:20.474187-06:00"
|
||||
version: 0.5.0
|
||||
digest: sha256:80a27ffb18fd1a635f16e70b90c2395f2de300ed50d072a8b87353f1ec3304cb
|
||||
generated: "2025-12-15T21:47:10.578165-06:00"
|
||||
|
||||
@@ -22,15 +22,16 @@ dependencies:
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.5.0
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
|
||||
appVersion: 1.27.1
|
||||
|
||||
@@ -70,3 +70,93 @@ spec:
|
||||
key: /authentik/oidc/freshrss
|
||||
metadataPolicy: None
|
||||
property: crypto-key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/freshrss
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
|
||||
@@ -11,7 +11,7 @@ freshrss:
|
||||
runAsUser: 0
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.2
|
||||
tag: 3.23.0
|
||||
pullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -35,7 +35,7 @@ freshrss:
|
||||
runAsUser: 0
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.2
|
||||
tag: 3.23.0
|
||||
pullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -59,7 +59,7 @@ freshrss:
|
||||
runAsUser: 0
|
||||
image:
|
||||
repository: alpine
|
||||
tag: 3.23.2
|
||||
tag: 3.23.0
|
||||
pullPolicy: IfNotPresent
|
||||
command:
|
||||
- /bin/sh
|
||||
@@ -192,48 +192,62 @@ freshrss:
|
||||
main:
|
||||
- path: /var/www/FreshRSS/extensions
|
||||
readOnly: false
|
||||
cloudflared:
|
||||
existingSecretName: freshrss-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
storage:
|
||||
storageClass: local-path
|
||||
walStorage:
|
||||
storageClass: local-path
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
index: 1
|
||||
endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
|
||||
endpointCredentialsIncludeRegion: true
|
||||
retentionPolicy: "3d"
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# - name: external
|
||||
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/freshrss/freshrss-postgresql-18-cluster
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# retentionPolicy: "30d"
|
||||
# isWALArchiver: false
|
||||
# - name: garage-remote
|
||||
# destinationPath: s3://postgres-backups/cl01tl/freshrss/freshrss-postgresql-18-cluster
|
||||
# index: 1
|
||||
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
|
||||
# endpointCredentials: freshrss-postgresql-18-cluster-backup-secret-garage
|
||||
# retentionPolicy: "30d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
# jobs: 2
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: daily-backup
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
volsync-target-data:
|
||||
pvcTarget: freshrss-data
|
||||
moverSecurityContext:
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:61c919869d56032bfa09b2e159a6b2dd2a43debf34968be2d66cf2211100a2c5
|
||||
generated: "2025-12-18T02:44:33.509296082Z"
|
||||
version: 0.5.0
|
||||
digest: sha256:3d3469c5177b9501cbb34a5faf376fbe4d9b98bd033ad51ee51487a1c2f28d4e
|
||||
generated: "2025-12-15T22:10:00.495878-06:00"
|
||||
|
||||
@@ -20,7 +20,7 @@ dependencies:
|
||||
version: 4.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-db
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
appVersion: v2.1.0
|
||||
|
||||
58
clusters/cl01tl/helm/garage/templates/http-route.yaml
Normal file
58
clusters/cl01tl/helm/garage/templates/http-route.yaml
Normal file
@@ -0,0 +1,58 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-garage-webui
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-garage-webui
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- garage-webui.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: garage-webui
|
||||
port: 3909
|
||||
weight: 100
|
||||
|
||||
---
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: http-route-garage-s3
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: http-route-garage-s3
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- garage-s3.alexlebens.net
|
||||
rules:
|
||||
- matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: garage-main
|
||||
port: 3900
|
||||
weight: 100
|
||||
22
clusters/cl01tl/helm/garage/templates/service-monitor.yaml
Normal file
22
clusters/cl01tl/helm/garage/templates/service-monitor.yaml
Normal file
@@ -0,0 +1,22 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
endpoints:
|
||||
- port: admin
|
||||
interval: 1m
|
||||
scrapeTimeout: 30s
|
||||
path: /metrics
|
||||
bearerTokenSecret:
|
||||
name: garage-token-secret
|
||||
key: GARAGE_METRICS_TOKEN
|
||||
@@ -104,62 +104,6 @@ garage:
|
||||
port: 3909
|
||||
targetPort: 3909
|
||||
protocol: HTTP
|
||||
serviceMonitor:
|
||||
main:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: garage
|
||||
app.kubernetes.io/instance: garage
|
||||
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
|
||||
endpoints:
|
||||
- port: admin
|
||||
interval: 1m
|
||||
scrapeTimeout: 30s
|
||||
path: /metrics
|
||||
bearerTokenSecret:
|
||||
name: garage-token-secret
|
||||
key: GARAGE_METRICS_TOKEN
|
||||
route:
|
||||
webui:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- garage-webui.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: garage-webui
|
||||
port: 3909
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
s3:
|
||||
kind: HTTPRoute
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
kind: Gateway
|
||||
name: traefik-gateway
|
||||
namespace: traefik
|
||||
hostnames:
|
||||
- garage-s3.alexlebens.net
|
||||
rules:
|
||||
- backendRefs:
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: garage-main
|
||||
port: 3900
|
||||
weight: 100
|
||||
matches:
|
||||
- path:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
persistence:
|
||||
config:
|
||||
enabled: true
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 1.4.4
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:a4f701f64327062a92b491d97728f02367e09412aca46705c1cbd8c2c438d76a
|
||||
generated: "2025-12-23T17:10:07.510553-06:00"
|
||||
version: 0.5.0
|
||||
digest: sha256:367bfee3e6811bfd4591cf76f09a419f312007d797b83311e76c8d01318e73fe
|
||||
generated: "2025-12-15T22:11:48.014486-06:00"
|
||||
|
||||
@@ -22,11 +22,11 @@ dependencies:
|
||||
version: 1.4.4
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
|
||||
appVersion: v5.33.0
|
||||
|
||||
@@ -49,3 +49,70 @@ spec:
|
||||
key: /authentik/oidc/gatus
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gatus-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gatus-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gatus-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gatus-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: gatus
|
||||
name: http-route-gatus
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gatus
|
||||
app.kubernetes.io/name: http-route-gatus
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -7,7 +7,7 @@ gatus:
|
||||
enabled: true
|
||||
image:
|
||||
repository: ghcr.io/twin/gatus
|
||||
tag: v5.33.1
|
||||
tag: v5.33.0
|
||||
annotations:
|
||||
reloader.stakater.com/auto: "true"
|
||||
service:
|
||||
@@ -122,6 +122,9 @@ gatus:
|
||||
- name: jellyfin
|
||||
url: https://jellyfin.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: jellyfin-vue
|
||||
url: https://jellyfin-vue.alexlebens.net
|
||||
<<: *defaults
|
||||
- name: overseerr
|
||||
url: https://overseerr.alexlebens.net
|
||||
<<: *defaults
|
||||
@@ -372,45 +375,57 @@ gatus:
|
||||
group: external
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
storage:
|
||||
storageClass: local-path
|
||||
walStorage:
|
||||
storageClass: local-path
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
index: 1
|
||||
endpointCredentials: gatus-postgresql-18-cluster-backup-secret-garage
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
endpointCredentials: gatus-postgresql-18-cluster-backup-secret-garage
|
||||
endpointCredentialsIncludeRegion: true
|
||||
retentionPolicy: "3d"
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# - name: external
|
||||
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gatus/gatus-postgresql-18-cluster
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# retentionPolicy: "30d"
|
||||
# isWALArchiver: false
|
||||
# - name: garage-remote
|
||||
# destinationPath: s3://postgres-backups/cl01tl/gatus/gatus-postgresql-18-cluster
|
||||
# index: 1
|
||||
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
|
||||
# endpointCredentials: gatus-postgresql-18-cluster-backup-secret-garage
|
||||
# retentionPolicy: "30d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
# jobs: 2
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: daily-backup
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
volsync-target-data:
|
||||
pvcTarget: gatus
|
||||
|
||||
@@ -7,13 +7,13 @@ dependencies:
|
||||
version: 0.2.1
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.19.0
|
||||
version: 0.18.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
@@ -22,6 +22,6 @@ dependencies:
|
||||
version: 0.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.0
|
||||
digest: sha256:978756233cbc1b10dedb4bd60568809ab368b0023732dbfeefa81d3c3fa95459
|
||||
generated: "2025-12-23T17:13:14.918887-06:00"
|
||||
version: 0.5.0
|
||||
digest: sha256:686bad050b4830fdc04ea00c06fa82f4251fda3add5e413a875cc48195c1628e
|
||||
generated: "2025-12-16T19:19:36.685915-06:00"
|
||||
|
||||
@@ -32,14 +32,15 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.2.1
|
||||
- name: meilisearch
|
||||
version: 0.19.0
|
||||
version: 0.18.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
alias: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.1.4
|
||||
version: 1.23.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: redis-replication
|
||||
alias: redis-replication-gitea
|
||||
@@ -51,7 +52,7 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-storage
|
||||
version: 0.6.0
|
||||
version: 0.5.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
|
||||
appVersion: 1.25.2
|
||||
|
||||
@@ -196,3 +196,93 @@ spec:
|
||||
key: /cl01tl/gitea/meilisearch
|
||||
metadataPolicy: None
|
||||
property: MEILI_MASTER_KEY
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-cloudflared-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-cloudflared-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: cf-tunnel-token
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /cloudflare/tunnels/gitea
|
||||
metadataPolicy: None
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: gitea
|
||||
name: http-route-gitea
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea
|
||||
app.kubernetes.io/name: http-route-gitea
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1alpha2
|
||||
kind: TCPRoute
|
||||
metadata:
|
||||
name: gitea-ssh
|
||||
name: tcp-route-gitea-ssh
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-ssh
|
||||
app.kubernetes.io/name: tcp-route-gitea-ssh
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -4,7 +4,7 @@ gitea:
|
||||
replicaCount: 3
|
||||
image:
|
||||
repository: gitea/gitea
|
||||
tag: 1.25.3
|
||||
tag: 1.25.2
|
||||
service:
|
||||
http:
|
||||
type: ClusterIP
|
||||
@@ -185,9 +185,15 @@ meilisearch:
|
||||
memory: 128Mi
|
||||
serviceMonitor:
|
||||
enabled: true
|
||||
cloudflared:
|
||||
existingSecretName: gitea-cloudflared-secret
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
storage:
|
||||
storageClass: local-path
|
||||
walStorage:
|
||||
storageClass: local-path
|
||||
resources:
|
||||
requests:
|
||||
memory: 1Gi
|
||||
@@ -195,43 +201,50 @@ postgres-18-cluster:
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
index: 1
|
||||
endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
|
||||
endpointCredentialsIncludeRegion: true
|
||||
retentionPolicy: "3d"
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# - name: external
|
||||
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/gitea/gitea-postgresql-18-cluster
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# retentionPolicy: "30d"
|
||||
# isWALArchiver: false
|
||||
# - name: garage-remote
|
||||
# destinationPath: s3://postgres-backups/cl01tl/gitea/gitea-postgresql-18-cluster
|
||||
# index: 1
|
||||
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
|
||||
# endpointCredentials: gitea-postgresql-18-cluster-backup-secret-garage
|
||||
# retentionPolicy: "30d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
# jobs: 2
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: daily-backup
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
redis-replication-gitea:
|
||||
replicationNameOverride: redis-replication-gitea
|
||||
sentinelNameOverride: redis-sentinel-gitea
|
||||
@@ -261,11 +274,6 @@ redis-replication-renovate:
|
||||
enabled: false
|
||||
volsync-target-storage:
|
||||
pvcTarget: gitea-shared-storage
|
||||
moverSecurityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 0 0 0 * * *
|
||||
@@ -277,10 +285,9 @@ volsync-target-storage:
|
||||
weekly: 3
|
||||
monthly: 0
|
||||
yearly: 0
|
||||
copyMethod: Snapshot
|
||||
copyMethod: Clone
|
||||
storageClassName: ceph-filesystem
|
||||
volumeSnapshotClassName: ceph-filesystem-snapshot
|
||||
cacheCapacity: 10Gi
|
||||
cacheCapacity: 40Gi
|
||||
external:
|
||||
enabled: false
|
||||
remote:
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
dependencies:
|
||||
- name: grafana-operator
|
||||
repository: https://grafana.github.io/helm-charts
|
||||
version: 5.21.3
|
||||
version: 5.21.1
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:cf38a5967c4da4236045746fcd619b4abd655feb4da970a398e282193ddb887e
|
||||
generated: "2025-12-23T17:15:11.407801-06:00"
|
||||
digest: sha256:4268870b640674c1bcde0e75f58d0c0bb0444e5a53f813f33b5ce279df86feb3
|
||||
generated: "2025-12-17T03:03:53.168700565Z"
|
||||
|
||||
@@ -17,11 +17,11 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: grafana-operator
|
||||
version: 5.21.3
|
||||
version: 5.21.1
|
||||
repository: https://grafana.github.io/helm-charts
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.4.3
|
||||
version: 7.1.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: redis-replication
|
||||
alias: redis-replication-unified-alerting
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
apiVersion: gateway.networking.k8s.io/v1
|
||||
kind: HTTPRoute
|
||||
metadata:
|
||||
name: grafana
|
||||
name: http-route-grafana
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana
|
||||
app.kubernetes.io/name: http-route-grafana
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
|
||||
@@ -14,46 +14,58 @@ grafana-operator:
|
||||
enabled: false
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
storage:
|
||||
storageClass: local-path
|
||||
walStorage:
|
||||
storageClass: local-path
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-18-cluster
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
index: 1
|
||||
endpointCredentials: grafana-operator-postgresql-18-cluster-backup-secret-garage
|
||||
backup:
|
||||
objectStore:
|
||||
- name: garage-local
|
||||
destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-18-cluster
|
||||
index: 1
|
||||
destinationBucket: postgres-backups
|
||||
externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
endpointURL: http://garage-main.garage:3900
|
||||
endpointCredentials: grafana-operator-postgresql-18-cluster-backup-secret-garage
|
||||
endpointCredentialsIncludeRegion: true
|
||||
retentionPolicy: "3d"
|
||||
isWALArchiver: true
|
||||
# - name: garage-remote
|
||||
# - name: external
|
||||
# destinationPath: s3://postgres-backups-ce540ddf106d186bbddca68a/cl01tl/grafana-operator/grafana-operator-postgresql-18-cluster
|
||||
# index: 1
|
||||
# destinationBucket: postgres-backups
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# retentionPolicy: "90d"
|
||||
# retentionPolicy: "30d"
|
||||
# isWALArchiver: false
|
||||
# - name: garage-remote
|
||||
# destinationPath: s3://postgres-backups/cl01tl/grafana-operator/grafana-operator-postgresql-18-cluster
|
||||
# index: 1
|
||||
# endpointURL: https://garage-ps10rp.boreal-beaufort.ts.net:3900
|
||||
# endpointCredentials: grafana-operator-postgresql-18-cluster-backup-secret-garage
|
||||
# retentionPolicy: "30d"
|
||||
# data:
|
||||
# compression: bzip2
|
||||
# - name: external
|
||||
# index: 1
|
||||
# endpointURL: https://nyc3.digitaloceanspaces.com
|
||||
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
|
||||
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
|
||||
# isWALArchiver: false
|
||||
# jobs: 2
|
||||
scheduledBackups:
|
||||
- name: live-backup
|
||||
suspend: false
|
||||
immediate: true
|
||||
schedule: "0 0 0 * * *"
|
||||
backupName: garage-local
|
||||
# - name: daily-backup
|
||||
# suspend: false
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
# - name: weekly-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 4 * * SAT"
|
||||
# backupName: garage-remote
|
||||
# - name: daily-backup
|
||||
# suspend: true
|
||||
# immediate: true
|
||||
# schedule: "0 0 0 * * *"
|
||||
# backupName: external
|
||||
redis-replication-unified-alerting:
|
||||
replicationNameOverride: redis-replication-unified-alerting
|
||||
sentinelNameOverride: redis-sentinel-unified-alerting
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 1.18.1
|
||||
- name: postgres-cluster
|
||||
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
|
||||
version: 7.4.3
|
||||
version: 7.1.3
|
||||
- name: redis-replication
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.5.0
|
||||
digest: sha256:8f27e668381e0ce960f2dfcb6bb5b33feb708497b088b6af2a72a5816bc3df6d
|
||||
generated: "2025-12-23T17:17:55.749328-06:00"
|
||||
digest: sha256:8c13446e75a900ff8f217ce56dda82c0128fd7d08b6c2d4db17ed312d9ec367a
|
||||
generated: "2025-12-16T22:02:00.490136294Z"
|
||||
|
||||
@@ -21,7 +21,7 @@ dependencies:
|
||||
repository: https://helm.goharbor.io
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.4.3
|
||||
version: 7.1.3
|
||||
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
|
||||
- name: redis-replication
|
||||
version: 0.5.0
|
||||
|
||||
@@ -96,3 +96,70 @@ spec:
|
||||
key: /cl01tl/harbor/registry
|
||||
metadataPolicy: None
|
||||
property: REGISTRY_CREDENTIAL_PASSWORD
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: harbor-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: harbor-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: harbor-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: harbor-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
conversionStrategy: Default
|
||||
decodingStrategy: None
|
||||
key: /garage/home-infra/postgres-backups
|
||||
metadataPolicy: None
|
||||
property: ACCESS_REGION
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user