alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions Activity

Compare commits

base: alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp
Branches Tags
alexlebens:main alexlebens:manifests alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-goharborregistry-photon alexlebens:renovate/unified-goharborharbor-registryctl alexlebens:renovate/unified-goharborharbor-portal alexlebens:renovate/unified-goharborharbor-jobservice alexlebens:renovate/unified-goharborharbor-exporter alexlebens:renovate/unified-goharborharbor-core alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:dev
..
compare: alexlebens:81d7559341505bb176b9c6d1955e75d4c2b1f666
Branches Tags
alexlebens:manifests alexlebens:renovate/cilium-1.x alexlebens:renovate/unified-goharborregistry-photon alexlebens:renovate/unified-goharborharbor-registryctl alexlebens:renovate/unified-goharborharbor-portal alexlebens:renovate/unified-goharborharbor-jobservice alexlebens:renovate/unified-goharborharbor-exporter alexlebens:renovate/unified-goharborharbor-core alexlebens:renovate/unified-dock.mau.devmautrixwhatsapp alexlebens:main alexlebens:dev

1 Commits
renovate/u ... 81d7559341

Author SHA1 Message Date
Renovate Bot
81d7559341 chore(deps): update helm release volsync to v0.15.0
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 21s
Details
render-manifests-automerge / render-manifests-automerge (pull_request) Has been skipped
Details
render-manifests-merge / render-manifests-merge (pull_request) Successful in 50s
Details
2026-03-05 19:29:35 +00:00
259 changed files with 3091 additions and 3358 deletions
Expand all files Collapse all files

79
.gitea/workflows/lint-test-docker.yaml
View File

@@ -14,7 +14,7 @@ on:
- 'hosts/**'
env:
BASE_BRANCH: "origin/${{ github.base_ref }}"
BASE_BRANCH: "origin/${{ gitea.base_ref }}"
jobs:
lint-docker-compose:
@@ -36,20 +36,19 @@ jobs:
id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: |
if [ "${{ github.event_name }}" == "push" ]; then
if [ ${{ github.event_name == 'push' }} ]; then
echo ">> Action is from a push event, will continue with linting"
else
echo ">> Branch ${{ github.base_ref }} exists, will continue with linting"
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi
echo ""
echo "----"
echo "exists=true" >> $GITHUB_OUTPUT
echo "exists=true" >> $GITEA_OUTPUT
- name: Set Up Node.js
- name: Set up Node.js
if: steps.branch-exists.outputs.exists == 'true'
uses: actions/setup-node@v6
with:
@@ -59,48 +58,58 @@ jobs:
id: check-dir-changes
if: steps.branch-exists.outputs.exists == 'true'
run: |
CHANGED_COMPOSE=()
echo ">> Target branch for diff is: ${BASE_BRANCH}"
if [ "${{ github.event_name }}" == "pull_request" ]; then
DIFF_TARGET="${BASE_BRANCH}"
echo ""
echo ">> Checking for changes in a pull request ..."
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
else
DIFF_TARGET="${{ github.event.before }}..HEAD"
echo ""
echo ">> Checking for changes from a push ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
fi
CHANGED_COMPOSE=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^hosts/[^/]+/[^/]+/" | cut -d/ -f1,2,3 | sort -u || true)
if [ -n "${GIT_DIFF}" ]; then
echo ""
echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
if echo "$path" | grep -q -E "hosts/[^/]+/[^/]+"; then
echo ""
echo ">> Adding path: $path"
CHANGED_COMPOSE+=$(echo "$path")
CHANGED_COMPOSE+=$(echo " ")
fi
done
else
echo ""
echo ">> No changes detected"
fi
if [ -n "${CHANGED_COMPOSE}" ]; then
echo ""
echo ">> Compose to Lint:"
echo ""
echo "${CHANGED_COMPOSE}"
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)"
CHANGED_COMPOSE_CSV=$(echo "$CHANGED_COMPOSE" | paste -sd ',' -)
echo ""
echo "----"
echo "changes-detected=true" >> $GITHUB_OUTPUT
echo "compose-dir-csv=${CHANGED_COMPOSE_CSV}" >> $GITHUB_OUTPUT
echo "compose-dir<<EOF" >> $GITHUB_OUTPUT
echo "${CHANGED_COMPOSE}" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
echo "changes-detected=true" >> $GITEA_OUTPUT
echo "compose-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${CHANGED_COMPOSE}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo ""
echo ">> Did not find any docker compose files to lint"
echo ""
echo "----"
echo "changes-detected=false" >> $GITHUB_OUTPUT
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
- name: Lint Docker Compose
@@ -108,27 +117,25 @@ jobs:
env:
CHANGED_COMPOSE: ${{ steps.check-dir-changes.outputs.compose-dir }}
run: |
echo ">> Running dclint on changed compose files ..."
for COMPOSE in $CHANGED_COMPOSE; do
echo ">> Linting ${COMPOSE} ..."
npx dclint ${COMPOSE}
echo ">> Running dclint on changed compose files:"
echo "$CHANGED_COMPOSE"
for compose in $CHANGED_COMPOSE; do
echo ">> Linting $compose ..."
npx dclint $compose
done
echo ""
echo "----"
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Docker Compose Test Failure'
title: 'Test Failure - Infrastructure'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Docker linting for compose dirs: ${{ steps.check-dir-changes.outputs.compose-dir-csv }}"
details: 'Docker linting on Pull Request for Infrastructure has failed!'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Logs", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-docker-pull.yaml", "clear": true}]'
image: true

303
.gitea/workflows/lint-test-helm.yaml
View File

@@ -15,17 +15,11 @@ on:
env:
CLUSTER: cl01tl
BASE_BRANCH: "origin/${{ github.base_ref }}"
# renovate: datasource=github-releases depName=yannh/kubeconform
KUBECONFORM_VERSION: "v0.6.7"
BASE_BRANCH: "origin/${{ gitea.base_ref }}"
jobs:
lint-helm:
runs-on: ubuntu-js
outputs:
chart-dir: ${{ steps.check-dir-changes.outputs.chart-dir }}
chart-dir-csv: ${{ steps.check-dir-changes.outputs.chart-dir-csv }}
changes-detected: ${{ steps.check-dir-changes.outputs.changes-detected }}
steps:
- name: Checkout
uses: actions/checkout@v6
@@ -37,91 +31,88 @@ jobs:
if: github.event_name == 'pull_request'
uses: GuillaumeFalourd/branch-exists@v1.1
with:
branch: ${{ github.base_ref }}
branch: ${{ gitea.base_ref }}
- name: Report Branch Exists
id: branch-exists
if: github.event_name == 'push' || steps.check-branch-exists.outputs.exists == 'true' && github.event_name == 'pull_request'
run: |
if [ "${{ github.event_name }}" == "push" ]; then
if [ ${{ github.event_name == 'push' }} ]; then
echo ">> Action is from a push event, will continue with linting"
else
echo ">> Branch ${{ github.base_ref }} exists, will continue with linting"
echo ">> Branch ${{ gitea.base_ref }} exists, will continue with linting"
fi
echo ""
echo "----"
echo "exists=true" >> $GITHUB_OUTPUT
echo "exists=true" >> $GITEA_OUTPUT
- name: Set Up Helm
- name: Set up Helm
if: steps.branch-exists.outputs.exists == 'true'
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm
version: v4.1.3
version: v3.19.2
cache: true
- name: Cache Helm Dependencies
if: steps.branch-exists.outputs.exists == 'true'
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Check Directories for Changes
id: check-dir-changes
if: steps.branch-exists.outputs.exists == 'true'
run: |
CHANGED_CHARTS=()
echo ">> Target branch for diff is: ${BASE_BRANCH}"
if [ "${{ github.event_name }}" == "pull_request" ]; then
DIFF_TARGET="${BASE_BRANCH}"
echo ""
echo ">> Checking for changes in a pull request ..."
GIT_DIFF=$(git diff --name-only "${BASE_BRANCH}" | xargs -I {} dirname {} | sort -u)
else
DIFF_TARGET="${{ github.event.before }}..HEAD"
echo ""
echo ">> Checking for changes from a push ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u)
fi
CHANGED_CHARTS=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
if [ -n "${GIT_DIFF}" ]; then
echo ""
echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
if echo "$path" | grep -q -E "clusters/[^/]+/helm/[^/]+"; then
echo ""
echo ">> Adding path: $path"
CHANGED_CHARTS+=$(echo "$path" | awk -F '/' '{print $4}')
CHANGED_CHARTS+=$(echo "\n")
fi
done
else
echo ""
echo ">> No changes detected"
fi
if [ -n "${CHANGED_CHARTS}" ]; then
echo ""
echo ">> Chart to Lint:"
echo ""
echo "${CHANGED_CHARTS}"
echo "$(echo "${CHANGED_CHARTS}" | sort -u)"
CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
echo ""
echo "----"
echo "changes-detected=true" >> $GITHUB_OUTPUT
echo "chart-dir-csv=${CHANGED_CHARTS_CSV}" >> $GITHUB_OUTPUT
echo "chart-dir<<EOF" >> $GITHUB_OUTPUT
echo "${CHANGED_CHARTS}" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
echo "changes-detected=true" >> $GITEA_OUTPUT
echo "chart-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${CHANGED_CHARTS}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo ""
echo ">> Did not find any helm charts files to lint"
echo ""
echo "----"
echo "changes-detected=false" >> $GITHUB_OUTPUT
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
- name: Add Repositories
@@ -130,238 +121,68 @@ jobs:
CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
run: |
echo ">> Adding repositories for chart dependencies ..."
echo ""
for DIR in ${CHANGED_CHARTS}; do
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
for dir in ${CHANGED_CHARTS}; do
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo ">> Command: $cmd"
echo "$cmd" | sh;
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
if helm repo list | tail +2 | read -r; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo ""
echo "----"
- name: Lint Helm Chart
id: lint
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
CHANGED_CHARTS: ${{ steps.check-dir-changes.outputs.chart-dir }}
run: |
EXIT_CODE=0
FAILED_CHARTS=""
echo ">> Running linting on changed charts ..."
for DIR in ${CHANGED_CHARTS}; do
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
CHART_NAME=$(basename "${CHART_PATH}")
for dir in ${CHANGED_CHARTS}; do
chart_path=clusters/${CLUSTER}/helm/$dir
chart_name=$(basename "$chart_path")
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
echo ""
echo ">> Building helm dependency for ${CHART_NAME} ..."
helm dependency build "${CHART_PATH}" --skip-refresh
if [ -f "$chart_path/Chart.yaml" ]; then
cd $chart_path
echo ""
echo ">> Linting helm chart ${CHART_NAME} ..."
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
if ! helm lint "${CHART_PATH}" --namespace "default"; then
EXIT_CODE=1
if [ -z "${FAILED_CHARTS}" ]; then
FAILED_CHARTS="${DIR}"
else
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
fi
fi
echo ""
echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
else
echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo ""
fi
done
echo ""
echo "----"
echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
exit $EXIT_CODE
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Helm Test Failure'
title: 'Test Failure - Infrastructure'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Helm linting for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.lint.outputs.failed-charts }}"
details: 'Helm linting on Pull Request for Infrastructure has failed!'
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true
validate-kubeconform:
needs: lint-helm
runs-on: ubuntu-js
if: |
needs.lint-helm.result == 'success' &&
needs.lint-helm.outputs.changes-detected == 'true' &&
github.event_name == 'pull_request'
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Install Kubeconform
run: |
echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..."
wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz
echo ""
echo ">> Extracting Kubeconform ..."
tar xf kubeconform-linux-amd64.tar.gz
echo ""
echo ">> Installing Kubeconform ..."
sudo mv kubeconform /usr/local/bin/
echo ""
echo ">> Verifying installation ..."
kubeconform -v
echo ""
echo "----"
- name: Set Up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
# renovate: datasource=github-releases depName=helm/helm
version: v4.1.3
cache: true
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Add Repositories
env:
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: |
echo ">> Adding repositories for chart dependencies ..."
echo ""
for DIR in ${CHANGED_CHARTS}; do
helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo ""
echo "----"
- name: Validate Rendered Templates
id: validate
env:
CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
run: |
SCHEMA_LOCATIONS="-schema-location default -schema-location https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
EXIT_CODE=0
FAILED_CHARTS=""
for DIR in ${CHANGED_CHARTS}; do
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
echo ""
echo ">> Validating: ${DIR}"
helm dependency build "${CHART_PATH}" --skip-refresh
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute" | \
kubeconform \
${SCHEMA_LOCATIONS} \
-ignore-missing-schemas \
-strict \
-summary; then
EXIT_CODE=1
if [ -z "${FAILED_CHARTS}" ]; then
FAILED_CHARTS="${DIR}"
else
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
fi
fi
done
echo ""
echo "----"
echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
exit $EXIT_CODE
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: '${{ secrets.NTFY_URL }}'
topic: '${{ secrets.NTFY_TOPIC }}'
title: 'Kubeconform Test Failure'
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Kubeconform for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.validate.outputs.failed-charts }}"
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=lint-test-helm-pull.yaml", "clear": true}]'
image: true

440
.gitea/workflows/render-manifests-automerge.yaml Normal file
View File

@@ -0,0 +1,440 @@
name: render-manifests-automerge
on:
pull_request:
branches:
- main
paths:
- 'clusters/cl01tl/helm/**'
types:
- closed
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME_BASE: auto/update-manifests-automerge
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests-automerge:
runs-on: ubuntu-js
if: ${{ (github.event.pull_request.merged == true) && (contains(github.event.pull_request.labels.*.name, 'automerge')) }}
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Prepare Manifest Branch
id: prepare-manifest-branch
run: |
cd ${MANIFEST_DIR}
BRANCH_NAME="${BRANCH_NAME_BASE}-$(date +%Y%m%d%H%M%S)"
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
echo ">> Creating branch ..."
git checkout -b $BRANCH_NAME
echo "----"
echo "BRANCH_NAME=${BRANCH_NAME}" >> $GITEA_OUTPUT
- name: Check which Directories have Changes
id: check-dir-changes
run: |
cd ${MAIN_DIR}
RENDER_DIR=()
echo ">> Checking for changes from HEAD^..HEAD ..."
GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
if [ -n "${GIT_DIFF}" ]; then
echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then
echo ">> Directories to Render:"
echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----"
echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ">> Adding repositories for chart dependencies ..."
for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo "$cmd" | sh;
fi
done || true
done
if helm repo list | tail +2 | read -r; then
echo ">> Update repository cache ..."
helm repo update
fi
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MANIFEST_DIR}
echo ">> Remove manfiest files and rebuild from source ..."
for dir in ${RENDER_DIR}; do
chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "$chart_path"
rm -rf $chart_path/*
done
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ">> Rendering Manifests ..."
for dir in ${RENDER_DIR}; do
chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
chart_name=$(basename "$chart_path")
echo ""
echo ""
echo ">> Rendering chart: $chart_name"
echo ">> Chart path $chart_path"
if [ -f "$chart_path/Chart.yaml" ]; then
OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
echo ""
echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack")
echo ""
echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
echo ""
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
*)
echo ""
echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac
echo ""
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo ""
fi
done
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain)
if [ -n "$GIT_CHANGES" ]; then
echo ">> Changes detected"
git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT
else
echo ">> No changes detected, skipping PR creation"
fi
echo "----"
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
run: |
cd ${MANIFEST_DIR}
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "chore: Update manifests after automerge"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ">> Pushing changes to $REPO_URL ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
echo "----"
echo "push=true" >> $GITEA_OUTPUT
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
PAYLOAD=$( jq -n \
--arg head "${BRANCH_NAME}" \
--arg base "${BASE_BRANCH}" \
--arg title "Automated Manifest Update - Automerge" \
--arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow. This is expected to be automerged." \
'{head: $head, base: $base, title: $title, body: $body}' )
echo ">> Creating PR from branch ${BRANCH_NAME} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
PR_URL=$(cat response_body.json | jq -r .html_url)
echo ">> Pull Request URL: $PR_URL"
echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
PR_NUMBER=$(cat response_body.json | jq -r .number)
echo ">> Pull Request Number: $PR_NUMBER"
echo "pull-request-number=${PR_NUMBER}" >> $GITEA_OUTPUT
echo "pull-request-operation=created" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "422" ]; then
echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
elif [ "$HTTP_STATUS" == "409" ]; then
echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
exit 1
fi
echo "----"
- name: Merge Changes
id: merge-changes
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}/merge"
PAYLOAD=$( jq -n \
--arg Do "merge" \
'{Do: $Do}' )
echo ">> Merging PR with ID: ${PR_NUMBER}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "200" ]; then
echo ">> Pull Request merged successfully!"
echo "pull-request-operation=merged" >> $GITEA_OUTPUT
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
echo "pull-request-operation=failed" >> $GITEA_OUTPUT
exit 1
fi
echo "----"
- name: Cleanup Branch
if: failure()
env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.BRANCH_NAME }}
run: |
cd ${MANIFEST_DIR}
echo ">> Removing branch: ${BRANCH_NAME}"
git push origin --delete ${BRANCH_NAME}
echo "----"
- name: ntfy Merged
uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render PR Merged - Infrastructure"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Automerge Manifest rendering for Infrastructure!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure - Infrastructure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Automerge Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests-automerge.yaml", "clear": true}]'
image: true

390
.gitea/workflows/render-manifests-dispatch.yaml Normal file
View File

@@ -0,0 +1,390 @@
name: render-manifests-dispatch
on:
schedule:
- cron: '0 3 * * *'
workflow_dispatch:
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME: auto/update-manifests
ASSIGNEE: alexlebens
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests-dispatch:
runs-on: ubuntu-js
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Prepare Manifest Branch
run: |
cd ${MANIFEST_DIR}
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
echo ">> Checking if PR branch exists ..."
if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}"
git pull --rebase
else
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b $BRANCH_NAME
fi
echo "----"
- name: Check which Directories have Changes
id: check-dir-changes
run: |
cd ${MAIN_DIR}
RENDER_DIR=()
echo ">> Triggered on dispatch, will check all paths ..."
RENDER_DIR+=$(ls clusters/cl01tl/helm/)
if [ -n "${RENDER_DIR}" ]; then
echo ">> Directories to Render:"
echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----"
echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ">> Adding repositories for chart dependencies ..."
for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo "$cmd" | sh;
fi
done || true
done
if helm repo list | tail +2 | read -r; then
echo ">> Update repository cache ..."
helm repo update
fi
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ">> Rendering Manifests ..."
for dir in ${RENDER_DIR}; do
chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
chart_name=$(basename "$chart_path")
echo ""
echo ""
echo ">> Rendering chart: $chart_name"
echo ">> Chart path $chart_path"
if [ -f "$chart_path/Chart.yaml" ]; then
OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
echo ""
echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack")
echo ""
echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
echo ""
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
*)
echo ""
echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac
echo ""
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo ""
fi
done
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain)
if [ -n "$GIT_CHANGES" ]; then
echo ">> Changes detected"
git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT
else
echo ">> No changes detected, skipping PR creation"
fi
echo "----"
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
run: |
cd ${MANIFEST_DIR}
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ">> Pushing changes to $REPO_URL ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request
id: check-for-pull-requst
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
HTTP_STATUS=$(
curl -X GET \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
echo ">> Pull Request has been found open, will update"
PR_INDEX=$(cat response_body.json | jq -r .[0].number)
echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
echo "pull-request-index=true" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
echo ">> Pull Request found, but was closed"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
else
echo ">> Pull Request not found"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
fi
echo "----"
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
PAYLOAD=$( jq -n \
--arg head "${HEAD_BRANCH}" \
--arg base "${BASE_BRANCH}" \
--arg assignee "${ASSIGNEE}" \
--arg title "Automated Manifest Update" \
--arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
'{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
PR_URL=$(cat response_body.json | jq -r .html_url)
echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
PR_ID=$(cat response_body.json | jq -r .id)
echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
echo "pull-request-operation=created" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "422" ]; then
echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
elif [ "$HTTP_STATUS" == "409" ]; then
echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
exit 1
fi
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render PR Created - Infrastructure"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure - Infrastructure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
image: true

425
.gitea/workflows/render-manifests-merge.yaml Normal file
View File

@@ -0,0 +1,425 @@
name: render-manifests-merge
on:
pull_request:
branches:
- main
paths:
- 'clusters/cl01tl/helm/**'
types:
- closed
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME: auto/update-manifests
ASSIGNEE: alexlebens
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests-merge:
runs-on: ubuntu-js
if: ${{ (github.event.pull_request.merged == true) && !(contains(github.event.pull_request.labels.*.name, 'automerge')) }}
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Prepare Manifest Branch
run: |
cd ${MANIFEST_DIR}
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
echo ">> Checking if PR branch exists ..."
if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}"
git pull --rebase
else
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b $BRANCH_NAME
fi
echo "----"
- name: Check which Directories have Changes
id: check-dir-changes
run: |
cd ${MAIN_DIR}
RENDER_DIR=()
echo ">> Checking for changes from HEAD^..HEAD ..."
GIT_DIFF=$(git diff --name-only HEAD^..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
if [ -n "${GIT_DIFF}" ]; then
echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then
echo ">> Directories to Render:"
echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----"
echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ">> Adding repositories for chart dependencies ..."
for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo "$cmd" | sh;
fi
done || true
done
if helm repo list | tail +2 | read -r; then
echo ">> Update repository cache ..."
helm repo update
fi
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MANIFEST_DIR}
echo ">> Remove manfiest files and rebuild from source ..."
for dir in ${RENDER_DIR}; do
chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "$chart_path"
rm -rf $chart_path/*
done
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ">> Rendering Manifests ..."
for dir in ${RENDER_DIR}; do
chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
chart_name=$(basename "$chart_path")
echo ""
echo ""
echo ">> Rendering chart: $chart_name"
echo ">> Chart path $chart_path"
if [ -f "$chart_path/Chart.yaml" ]; then
OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
echo ""
echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack")
echo ""
echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
echo ""
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
*)
echo ""
echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac
echo ""
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo ""
fi
done
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain)
if [ -n "$GIT_CHANGES" ]; then
echo ">> Changes detected"
git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT
else
echo ">> No changes detected, skipping PR creation"
fi
echo "----"
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
run: |
cd ${MANIFEST_DIR}
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ">> Pushing changes to $REPO_URL ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request
id: check-for-pull-requst
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
HTTP_STATUS=$(
curl -X GET \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
echo ">> Pull Request has been found open, will update"
PR_INDEX=$(cat response_body.json | jq -r .[0].number)
echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
echo "pull-request-index=true" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
echo ">> Pull Request found, but was closed"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
else
echo ">> Pull Request not found"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
fi
echo "----"
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
PAYLOAD=$( jq -n \
--arg head "${HEAD_BRANCH}" \
--arg base "${BASE_BRANCH}" \
--arg assignee "${ASSIGNEE}" \
--arg title "Automated Manifest Update" \
--arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
'{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
PR_URL=$(cat response_body.json | jq -r .html_url)
echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
PR_ID=$(cat response_body.json | jq -r .id)
echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
echo "pull-request-operation=created" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "422" ]; then
echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
elif [ "$HTTP_STATUS" == "409" ]; then
echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
exit 1
fi
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render PR Created - Infrastructure"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure - Infrastructure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
image: true

423
.gitea/workflows/render-manifests-push.yaml Normal file
View File

@@ -0,0 +1,423 @@
name: render-manifests-push
on:
push:
branches:
- main
paths:
- 'clusters/cl01tl/helm/**'
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME: auto/update-manifests
ASSIGNEE: alexlebens
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests-push:
runs-on: ubuntu-js
if: gitea.event.commits[0].author.username != 'renovate-bot'
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Prepare Manifest Branch
run: |
cd ${MANIFEST_DIR}
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
echo ">> Checking if PR branch exists ..."
if [[ $(git ls-remote --heads origin "${BRANCH_NAME}" | wc -l) -gt 0 ]]; then
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}"
git pull --rebase
else
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b $BRANCH_NAME
fi
echo "----"
- name: Check which Directories have Changes
id: check-dir-changes
run: |
cd ${MAIN_DIR}
RENDER_DIR=()
echo ">> Checking for changes ..."
GIT_DIFF=$(git diff --name-only ${{ gitea.event.before }}..HEAD | xargs -I {} dirname {} | sort -u | grep -E "clusters/[^/]+/helm/[^/]+")
if [ -n "${GIT_DIFF}" ]; then
echo ">> Changes detected:"
echo "$GIT_DIFF"
for path in $GIT_DIFF; do
RENDER_DIR+=$(echo "$path" | awk -F '/' '{print $4}')
RENDER_DIR+=$(echo " ")
done
else
echo ">> No changes detected"
fi
if [ -n "${RENDER_DIR}" ]; then
echo ">> Directories to Render:"
echo "$(echo "${RENDER_DIR}" | sort -u)"
echo "----"
echo "changes-detected=true" >> $GITEA_OUTPUT
echo "render-dir<<EOF" >> $GITEA_OUTPUT
echo "$(echo "${RENDER_DIR}" | sort -u)" >> $GITEA_OUTPUT
echo "EOF" >> $GITEA_OUTPUT
else
echo "changes-detected=false" >> $GITEA_OUTPUT
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ">> Adding repositories for chart dependencies ..."
for dir in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 ${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir 2> /dev/null \
| tail +2 | head -n -1 \
| awk '{ print "helm repo add " $1 " " $3 }' \
| while read cmd; do
if [[ "$cmd" == "*oci://*" ]]; then
echo ">> Ignoring OCI repo"
else
echo "$cmd" | sh;
fi
done || true
done
if helm repo list | tail +2 | read -r; then
echo ">> Update repository cache ..."
helm repo update
fi
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MANIFEST_DIR}
echo ">> Remove manfiest files and rebuild from source ..."
for dir in ${RENDER_DIR}; do
chart_path=${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$dir
echo "$chart_path"
rm -rf $chart_path/*
done
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd ${MAIN_DIR}
echo ">> Rendering Manifests ..."
for dir in ${RENDER_DIR}; do
chart_path=${MAIN_DIR}/clusters/${CLUSTER}/helm/$dir
chart_name=$(basename "$chart_path")
echo ""
echo ""
echo ">> Rendering chart: $chart_name"
echo ">> Chart path $chart_path"
if [ -f "$chart_path/Chart.yaml" ]; then
OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name/"
TEMPLATE=""
mkdir -p ${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/$chart_name
cd $chart_path
echo ""
echo ">> Updating helm dependency ..."
helm dependency update --skip-refresh
echo ""
echo ">> Building helm dependency ..."
helm dependency build --skip-refresh
echo ""
echo ">> Linting helm ..."
helm lint --namespace "$chart_name"
echo ""
echo ">> Rendering templates ..."
case "$chart_name" in
"stack")
echo ""
echo ">> Special Rendering for stack into argocd namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace argocd --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
"cilium" | "coredns" | "metrics-server" |"prometheus-operator-crds")
echo ""
echo ">> Special Rendering for $chart_name into kube-system namespace ..."
TEMPLATE=$(helm template $chart_name ./ --namespace kube-system --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
*)
echo ""
echo ">> Standard Rendering for $chart_name ..."
TEMPLATE=$(helm template "$chart_name" ./ --namespace "$chart_name" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
;;
esac
echo ""
echo ">> Formating rendered template ..."
echo "$TEMPLATE" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"$OUTPUT_FOLDER"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ""
echo ">> Manifests for $chart_name rendered to $OUTPUT_FOLDER"
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory $chart_path does not contain a Chart.yaml. Skipping ..."
echo ""
fi
done
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd ${MANIFEST_DIR}
GIT_CHANGES=$(git status --porcelain)
if [ -n "$GIT_CHANGES" ]; then
echo ">> Changes detected"
git status --porcelain
echo "changes-detected=true" >> $GITEA_OUTPUT
else
echo ">> No changes detected, skipping PR creation"
fi
echo "----"
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
run: |
cd ${MANIFEST_DIR}
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "chore: Update manifests after change"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ">> Pushing changes to $REPO_URL ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@$(echo $REPO_URL | sed -e 's|https://||')" ${BRANCH_NAME}
echo "----"
echo "HEAD_BRANCH=${BRANCH_NAME}" >> $GITEA_OUTPUT
echo "push=true" >> $GITEA_OUTPUT
- name: Check for Pull Request
id: check-for-pull-requst
if: steps.commit-push.outputs.push == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
HTTP_STATUS=$(
curl -X GET \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
echo ">> Pull Request has been found open, will update"
PR_INDEX=$(cat response_body.json | jq -r .[0].number)
echo "pull-request-exists=${PR_INDEX}" >> $GITEA_OUTPUT
echo "pull-request-index=true" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "closed" ]; then
echo ">> Pull Request found, but was closed"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
else
echo ">> Pull Request not found"
echo "pull-request-exists=false" >> $GITEA_OUTPUT
fi
echo "----"
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-requst.outputs.pull-request-exists == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.HEAD_BRANCH }}
run: |
cd ${MANIFEST_DIR}
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
PAYLOAD=$( jq -n \
--arg head "${HEAD_BRANCH}" \
--arg base "${BASE_BRANCH}" \
--arg assignee "${ASSIGNEE}" \
--arg title "Automated Manifest Update" \
--arg body "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow." \
'{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}' )
echo ">> Creating PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
echo ">> With Payload of:"
echo "$PAYLOAD"
HTTP_STATUS=$(
curl -X POST \
--silent \
--write-out '%{http_code}' \
--output response_body.json \
--dump-header response_headers.txt \
--data "$PAYLOAD" \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
"$API_ENDPOINT" 2> response_errors.txt
)
echo ">> HTTP Status Code: $HTTP_STATUS"
echo ">> Response Output ..."
echo "----"
cat response_body.json
echo "----"
cat response_headers.txt
echo "----"
cat response_errors.txt
echo "----"
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
PR_URL=$(cat response_body.json | jq -r .html_url)
echo "pull-request-url=${PR_URL}" >> $GITEA_OUTPUT
PR_ID=$(cat response_body.json | jq -r .id)
echo "pull-request-id=${PR_ID}" >> $GITEA_OUTPUT
echo "pull-request-operation=created" >> $GITEA_OUTPUT
elif [ "$HTTP_STATUS" == "422" ]; then
echo ">> Failed to create PR (HTTP 422: Unprocessable Entity), PR may already exist"
elif [ "$HTTP_STATUS" == "409" ]; then
echo ">> Failed to create PR (HTTP 409: Conflict), PR already exists"
else
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
exit 1
fi
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render PR Created - Infrastructure"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Manifest rendering for Infrastructure has created a new Pull Request with ID: ${{ steps.create-pull-request.outputs.pull-request-id }}!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "${{ steps.create-pull-request.outputs.pull-request-url }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure - Infrastructure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/infrastructure/actions?workflow=render-manifests.yaml", "clear": true}]'
image: true

624
.gitea/workflows/render-manifests.yaml
View File

@@ -1,624 +0,0 @@
name: render-manifests
on:
schedule:
- cron: '0 15 * * *'
workflow_dispatch:
pull_request:
branches:
- main
paths:
- 'clusters/cl01tl/helm/**'
types:
- closed
env:
CLUSTER: cl01tl
BASE_BRANCH: manifests
BRANCH_NAME_BASE: auto/update-manifests
ASSIGNEE: alexlebens
MAIN_DIR: /workspace/alexlebens/infrastructure/infrastructure
MANIFEST_DIR: /workspace/alexlebens/infrastructure/infrastructure-manifests
jobs:
render-manifests:
runs-on: ubuntu-js
if: >-
github.event_name == 'schedule' ||
github.event_name == 'workflow_dispatch' ||
(github.event_name == 'pull_request' && github.event.pull_request.merged == true)
steps:
- name: Checkout Main
uses: actions/checkout@v6
with:
path: infrastructure
fetch-depth: 0
- name: Checkout Manifests
uses: actions/checkout@v6
with:
ref: manifests
path: infrastructure-manifests
- name: Set Up Helm
uses: azure/setup-helm@v4
with:
token: ${{ secrets.GITEA_TOKEN }}
version: v3.17.2 # Pending https://github.com/helm/helm/pull/30743
cache: true
- name: Configure Kubeconfig
uses: azure/k8s-set-context@v4
with:
method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }}
- name: Cache Helm Dependencies
uses: actions/cache@v5
with:
path: |
~/.cache/helm
~/.config/helm
key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
restore-keys: |
helm-cache-${{ runner.os }}-
- name: Determine Workflow Mode
id: mode
run: |
IS_AUTOMERGE="false"
RENDER_ALL="false"
DIFF_TARGET=""
if [[ "${{ github.event_name }}" == "schedule" || "${{ github.event_name }}" == "workflow_dispatch" ]]; then
echo ">> Mode: Dispatch/Schedule (Render All)"
RENDER_ALL="true"
elif [[ "${{ github.event_name }}" == "pull_request" ]]; then
if [[ "${{ contains(github.event.pull_request.labels.*.name, 'automerge') }}" == "true" ]]; then
echo ">> Mode: PR Merged (Automerge)"
IS_AUTOMERGE="true"
else
echo ">> Mode: PR Merged (Standard)"
fi
DIFF_TARGET="HEAD^..HEAD"
fi
echo ""
echo "----"
echo "is-automerge=${IS_AUTOMERGE}" >> "$GITHUB_OUTPUT"
echo "render-all=${RENDER_ALL}" >> "$GITHUB_OUTPUT"
echo "diff-target=${DIFF_TARGET}" >> "$GITHUB_OUTPUT"
- name: Prepare Manifest Branch
id: prepare-manifest-branch
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
run: |
cd "${MANIFEST_DIR}"
echo ">> Configure git to use gitea-bot as user ..."
git config user.name "gitea-bot"
git config user.email "gitea-bot@alexlebens.net"
if [[ "$IS_AUTOMERGE" == "true" ]]; then
BRANCH_NAME="${BRANCH_NAME_BASE}-automerge-${PR_NUMBER}"
echo ""
echo ">> Creating branch ${BRANCH_NAME} ..."
git checkout -B "$BRANCH_NAME"
else
echo ""
echo ">> Checking if PR branch exists ..."
BRANCH_NAME="${BRANCH_NAME_BASE}"
if git ls-remote --exit-code --heads origin "${BRANCH_NAME}" > /dev/null 2>&1; then
echo ""
echo ">> Branch '${BRANCH_NAME}' exists, pulling changes ..."
git fetch origin "${BRANCH_NAME}"
git checkout "${BRANCH_NAME}"
git pull --rebase
else
echo ""
echo ">> Branch '${BRANCH_NAME}' does not exist, creating ..."
git checkout -b "${BRANCH_NAME}"
fi
fi
echo ""
echo "----"
echo "branch-name=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
- name: Check Which Directories Have Changes
id: check-dir-changes
env:
RENDER_ALL: ${{ steps.mode.outputs.render-all }}
DIFF_TARGET: ${{ steps.mode.outputs.diff-target }}
run: |
cd "${MAIN_DIR}"
if [[ "$RENDER_ALL" == "true" ]]; then
echo ">> Triggered on dispatch, will check all paths ..."
RENDER_DIR=$(find "clusters/${CLUSTER}/helm" -mindepth 1 -maxdepth 1 -type d -exec basename {} \; | sort -u)
else
echo ">> Checking for changes from ${DIFF_TARGET} ..."
RENDER_DIR=$(git diff --name-only "${DIFF_TARGET}" | grep -E "^clusters/${CLUSTER}/helm/" | awk -F '/' '{print $4}' | sort -u || true)
fi
if [ -n "${RENDER_DIR}" ]; then
echo ""
echo ">> Directories to Render:"
echo ""
echo "${RENDER_DIR}"
echo ""
echo "----"
echo "changes-detected=true" >> "$GITHUB_OUTPUT"
echo "render-dir<<EOF" >> "$GITHUB_OUTPUT"
echo "${RENDER_DIR}" >> "$GITHUB_OUTPUT"
echo "EOF" >> "$GITHUB_OUTPUT"
else
echo ""
echo ">> No chart changes detected"
echo ""
echo "----"
echo "changes-detected=false" >> "$GITHUB_OUTPUT"
fi
- name: Add Repositories
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MAIN_DIR}"
echo ">> Adding repositories for chart dependencies ..."
echo ""
for DIR in ${RENDER_DIR}; do
helm dependency list --max-col-width 120 "${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}" 2> /dev/null \
| tail -n +2 \
| awk 'NF > 0 { print $1, $3 }' \
| while read -r REPO_NAME REPO_URL; do
if [[ "${REPO_URL}" == oci://* ]]; then
echo ">> Ignoring OCI repo: ${REPO_URL}"
elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
helm repo add "${REPO_NAME}" "${REPO_URL}"
fi
done || true
done
if helm repo list > /dev/null 2>&1; then
echo ""
echo ">> Update repository cache ..."
helm repo update
fi
echo ""
echo "----"
- name: Remove Changed Manifest Files
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MANIFEST_DIR}"
echo ">> Remove manifest files and rebuild from source ..."
echo ""
for DIR in ${RENDER_DIR}; do
CHART_PATH="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${DIR}"
echo "${CHART_PATH}"
rm -rf "${CHART_PATH}"/*
done
echo ""
echo "----"
- name: Render Helm Manifests
id: render-manifests
if: steps.check-dir-changes.outputs.changes-detected == 'true'
env:
RENDER_DIR: ${{ steps.check-dir-changes.outputs.render-dir }}
run: |
cd "${MAIN_DIR}"
echo ">> Rendering Manifests ..."
render_chart() {
local DIR="$1"
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
local CHART_NAME=$(basename "${CHART_PATH}")
echo ""
echo ">> Rendering chart: ${CHART_NAME}"
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
local OUTPUT_FOLDER="${MANIFEST_DIR}/clusters/${CLUSTER}/manifests/${CHART_NAME}/"
mkdir -p "${OUTPUT_FOLDER}"
cd "${CHART_PATH}"
helm dependency update --skip-refresh > /dev/null
helm lint --namespace "${CHART_NAME}" --quiet
local NAMESPACE="${CHART_NAME}"
case "${CHART_NAME}" in
"stack")
NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..."
;;
"cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system"
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;;
*)
echo ">> Standard Rendering ..."
esac
echo ">> Formating rendered template ..."
local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# Strip comments again to ensure formatting correctness
for file in "$OUTPUT_FOLDER"/*; do
yq -i '... comments=""' $file
done
echo ">> Manifests for ${CHART_NAME} rendered successfully to $OUTPUT_FOLDER:"
echo ""
ls $OUTPUT_FOLDER
echo ""
else
echo ""
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
fi
}
export -f render_chart
export MAIN_DIR CLUSTER MANIFEST_DIR
# Run rendering in parallel
for DIR in ${RENDER_DIR}; do
echo "${DIR}"
done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo ""
echo "----"
- name: Check for Changes
id: check-changes
if: steps.check-dir-changes.outputs.changes-detected == 'true'
run: |
cd "${MANIFEST_DIR}"
GIT_CHANGES=$(git status --porcelain)
if [ -n "${GIT_CHANGES}" ]; then
echo ">> Changes detected"
git status --porcelain
CHANGED_CHARTS=$(echo "$GIT_CHANGES" | grep -oE "clusters/${CLUSTER}/manifests/[^/]+" | awk -F '/' '{print $4}' | sort -u | paste -sd ',' -)
echo ""
echo "----"
echo "changes-detected=true" >> "$GITHUB_OUTPUT"
echo "changed-charts-csv=${CHANGED_CHARTS}" >> "$GITHUB_OUTPUT"
else
echo ">> No changes detected, skipping PR creation"
echo ""
echo "----"
fi
- name: Commit and Push Changes
id: commit-push
if: steps.check-changes.outputs.changes-detected == 'true'
env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.branch-name }}
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
run: |
cd "${MANIFEST_DIR}"
MSG="chore: Update manifests after change"
if [[ "$IS_AUTOMERGE" == "true" ]]; then
MSG="chore: Update manifests after automerge"
fi
echo ">> Commiting changes to ${BRANCH_NAME} ..."
git add .
git commit -m "${MSG}"
REPO_URL="${{ secrets.REPO_URL }}/${{ gitea.repository }}"
echo ""
echo ">> Pushing changes to ${REPO_URL} ..."
git push -u "https://oauth2:${{ secrets.BOT_TOKEN }}@${REPO_URL#*://}" "${BRANCH_NAME}"
echo ""
echo "----"
echo "push=true" >> "$GITHUB_OUTPUT"
echo "head-branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
- name: Check for Pull Request
id: check-for-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.mode.outputs.is-automerge == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.head-branch }}
run: |
cd "${MANIFEST_DIR}"
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls?base_branch=${BASE_BRANCH}&state=open&page=1"
echo ">> Checking if PR from branch ${HEAD_BRANCH} into ${BASE_BRANCH}"
echo ">> With Endpoint of:"
echo "$API_ENDPOINT"
HTTP_STATUS=$(curl -X GET -s -w '%{http_code}' -o response_body.json -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
if [ "$HTTP_STATUS" == "200" ] && [ "$(cat response_body.json | jq -r .[0].state)" == "open" ]; then
echo ""
echo ">> Pull Request has been found open, will update"
echo ""
echo "----"
echo "pull-request-exists=$(cat response_body.json | jq -r .[0].number)" >> "$GITHUB_OUTPUT"
else
echo ""
echo ">> Pull Request not found"
echo ""
echo "----"
echo "pull-request-exists=false" >> "$GITHUB_OUTPUT"
fi
- name: Create Pull Request
id: create-pull-request
if: steps.commit-push.outputs.push == 'true' && (steps.mode.outputs.is-automerge == 'true' || steps.check-for-pull-request.outputs.pull-request-exists == 'false')
env:
IS_AUTOMERGE: ${{ steps.mode.outputs.is-automerge }}
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
HEAD_BRANCH: ${{ steps.commit-push.outputs.head-branch }}
CHARTS: ${{ steps.check-changes.outputs.changed-charts-csv }}
EVENT_NAME: ${{ github.event_name }}
ACTOR: ${{ github.actor }}
SHA: ${{ github.sha }}
REF: ${{ github.ref_name }}
run: |
cd "${MANIFEST_DIR}"
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls"
BODY=$(printf "This PR contains newly rendered Kubernetes manifests automatically generated by the CI workflow.\n\n### Details\n- **Trigger**: \`%s\` by \`@%s\`\n- **Commit**: \`%s\` (on \`%s\`)\n- **Charts Updated**: \`%s\`" "${EVENT_NAME}" "${ACTOR}" "${SHA:0:7}" "${REF}" "${CHARTS}")
if [[ "$IS_AUTOMERGE" == "true" ]]; then
TITLE="Automated Manifest Update - Automerge"
BODY=$(printf "%s\n\n_This PR is expected to be automerged._" "${BODY}")
else
TITLE="Automated Manifest Update"
fi
PAYLOAD=$(jq -n --arg head "${HEAD_BRANCH}" --arg base "${BASE_BRANCH}" --arg assignee "${ASSIGNEE}" --arg title "${TITLE}" --arg body "${BODY}" '{head: $head, base: $base, assignee: $assignee, title: $title, body: $body}')
HTTP_STATUS=$(curl -X POST -s -w '%{http_code}' -o response_body.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
if [ "$HTTP_STATUS" == "201" ]; then
echo ">> Pull Request created successfully!"
echo ""
echo "----"
echo "pull-request-id=$(jq -r .id response_body.json)" >> "$GITHUB_OUTPUT"
echo "pull-request-number=$(jq -r .number response_body.json)" >> "$GITHUB_OUTPUT"
echo "pull-request-operation=created" >> "$GITHUB_OUTPUT"
elif [[ "$HTTP_STATUS" == "422" || "$HTTP_STATUS" == "409" ]]; then
echo ""
echo ">> Failed to create PR (Already exists)"
echo ""
echo "----"
else
echo ""
echo ">> Failed to create PR, HTTP status code: $HTTP_STATUS"
echo ""
echo "----"
exit 1
fi
- name: Update Pull Request
id: update-pull-request
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
PR_NUMBER: ${{ steps.check-for-pull-request.outputs.pull-request-exists }}
CHARTS: ${{ steps.check-changes.outputs.changed-charts-csv }}
EVENT_NAME: ${{ github.event_name }}
ACTOR: ${{ github.actor }}
SHA: ${{ github.sha }}
REF: ${{ github.ref_name }}
run: |
cd "${MANIFEST_DIR}"
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}"
EXISTING_BODY=$(jq -r '.[0].body' response_body.json)
NEW_DETAILS=$(printf "### Update Details (%s)\n- **Trigger**: \`%s\` by \`@%s\`\n- **Commit**: \`%s\` (on \`%s\`)\n- **Charts Updated**: \`%s\`" "$(date -u +'%Y-%m-%d %H:%M UTC')" "${EVENT_NAME}" "${ACTOR}" "${SHA:0:7}" "${REF}" "${CHARTS}")
UPDATED_BODY=$(printf "%s\n\n%s" "${EXISTING_BODY}" "${NEW_DETAILS}")
PAYLOAD=$(jq -n --arg body "${UPDATED_BODY}" '{body: $body}')
HTTP_STATUS=$(curl -X PATCH -s -w '%{http_code}' -o update_response.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
if [ "$HTTP_STATUS" == "201" ] || [ "$HTTP_STATUS" == "200" ]; then
echo ">> Pull Request updated successfully!"
echo ""
echo "----"
echo "pull-request-operation=updated" >> "$GITHUB_OUTPUT"
else
echo ">> Failed to update PR, HTTP status code: $HTTP_STATUS"; exit 1
echo ""
echo "----"
fi
- name: Merge Changes
id: merge-changes
if: steps.commit-push.outputs.push == 'true' && steps.mode.outputs.is-automerge == 'true'
env:
GITEA_TOKEN: ${{ secrets.BOT_TOKEN }}
GITEA_URL: ${{ secrets.REPO_URL }}
PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
run: |
cd "${MANIFEST_DIR}"
API_ENDPOINT="${GITEA_URL}/api/v1/repos/${{ gitea.repository }}/pulls/${PR_NUMBER}/merge"
PAYLOAD=$(jq -n --arg Do "merge" '{Do: $Do}')
HTTP_STATUS=$(curl -X POST -s -w '%{http_code}' -o response_body.json --data "$PAYLOAD" -H "Authorization: token ${GITEA_TOKEN}" -H "Content-Type: application/json" "$API_ENDPOINT")
if [ "$HTTP_STATUS" == "200" ]; then
echo ">> Pull Request merged successfully!"
echo ""
echo "----"
echo "pull-request-operation=merged" >> "$GITHUB_OUTPUT"
else
echo ">> Failed to merge PR, HTTP status code: $HTTP_STATUS"; exit 1
echo ""
echo "----"
fi
- name: Cleanup Branch
if: failure() && steps.mode.outputs.is-automerge == 'true'
env:
BRANCH_NAME: ${{ steps.prepare-manifest-branch.outputs.branch-name }}
run: |
cd "${MANIFEST_DIR}"
echo ">> Removing branch: ${BRANCH_NAME}"
git push origin --delete "${BRANCH_NAME}" || true
echo ""
echo "----"
- name: ntfy Created
uses: niniyas/ntfy-action@master
if: steps.create-pull-request.outputs.pull-request-operation == 'created' && steps.mode.outputs.is-automerge == 'false'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render - Open PR"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Created renderd manifests for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Updated
uses: niniyas/ntfy-action@master
if: steps.commit-push.outputs.push == 'true' && steps.check-for-pull-request.outputs.pull-request-exists != 'false' && steps.mode.outputs.is-automerge == 'false'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render - PR Updated"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Updated rendered manifests PR for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Merged
uses: niniyas/ntfy-action@master
if: steps.merge-changes.outputs.pull-request-operation == 'merged'
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render - Automerged"
priority: 3
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,successfully,completed
details: "Automerged manifest rendering for cluster '${{ env.CLUSTER }}' with charts: ${{ steps.check-changes.outputs.changed-charts-csv }}"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View PR", "url": "${{ vars.USER_URL }}/${{ github.repository }}/pulls/${{ steps.create-pull-request.outputs.pull-request-number }}", "clear": true}]'
- name: ntfy Failed
uses: niniyas/ntfy-action@master
if: failure()
with:
url: "${{ secrets.NTFY_URL }}"
topic: "${{ secrets.NTFY_TOPIC }}"
title: "Manifest Render Failure"
priority: 4
headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
tags: action,failed
details: "Manifest rendering for Infrastructure has failed!"
icon: "https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png"
actions: '[{"action": "view", "label": "View Logs", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'

6
.pre-commit-config.yaml
View File

@@ -1,6 +1,6 @@
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v6.0.0
rev: v2.3.0
hooks:
- id: end-of-file-fixer
- id: trailing-whitespace
@@ -9,9 +9,7 @@ repos:
exclude: '^.*\/templates\/.*$'
args:
- --multi
- id: check-merge-conflict
- id: check-json
- repo: https://github.com/IamTheFij/docker-pre-commit
rev: v3.0.1
rev: v2.0.0
hooks:
- id: docker-compose-check

6
clusters/cl01tl/helm/actual/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
generated: "2026-03-06T01:04:41.514235218Z"
version: 0.7.0
digest: sha256:ff3e2f03e93cdd4593e28b9c8bd5b9ddb25548a20a070b2e202057f216207d03
generated: "2026-01-16T18:44:37.399172263Z"

2
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -19,7 +19,7 @@ dependencies:
version: 4.6.2
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual

5
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -81,8 +81,7 @@ volsync-target-data:
enabled: true
schedule: 0 8 * * *
remote:
enabled: true
schedule: 0 9 * * *
enabled: false
external:
enabled: true
schedule: 0 10 * * *
schedule: 0 9 * * *

8
clusters/cl01tl/helm/argo-workflows/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.2
version: 0.47.4
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.20
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:8d1c2dd011a360d930ed5ff186462f163407077d36ae633898ec5d6ba30a4e8d
generated: "2026-03-15T20:04:18.080966008Z"
version: 7.8.0
digest: sha256:772ba83a6e0fa6a7e3633ff1fff0f8221b45a1f36ec890489cfa383330d99f81
generated: "2026-02-27T18:14:32.22595048Z"

6
clusters/cl01tl/helm/argo-workflows/Chart.yaml
View File

@@ -18,15 +18,15 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.2
version: 0.47.4
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.20
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.2
appVersion: v4.0.1

12
clusters/cl01tl/helm/argo-workflows/values.yaml
View File

@@ -1,14 +1,4 @@
argo-workflows:
crds:
install: true
keep: true
# -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields.
# Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply.
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.2
controller:
metricsConfig:
enabled: true
@@ -115,7 +105,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: argo-cd
repository: https://argoproj.github.io/argo-helm
version: 9.4.10
digest: sha256:795aad956acef3f5efb8160390caf9b9792b7b4150d3a7984f1c5edbad92dfaa
generated: "2026-03-10T18:58:35.720448421Z"
version: 9.4.7
digest: sha256:9fc78ed4a6a55f65e3250e687caf67ad09e852eb7b01313e372127e75f451a79
generated: "2026-03-03T20:05:52.081769174Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -15,8 +15,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: argo-cd
version: 9.4.10
version: 9.4.7
repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.3
appVersion: v3.3.2

8
clusters/cl01tl/helm/audiobookshelf/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
version: 0.7.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:7ee4cfdf7f908401c39b3cda0cf8783b25dcb9cf93e7c911609bab9e303ec5bf
generated: "2026-03-06T01:05:03.534042627Z"
version: 0.7.0
digest: sha256:c8a988258b26187972a8b69767bf5df502d7e2b12710eb357ac15240d872fd37
generated: "2026-01-16T18:44:48.982249243Z"

6
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -21,12 +21,12 @@ dependencies:
version: 4.6.2
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-metadata
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.0
appVersion: 2.32.1

44
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,52 +1,14 @@
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-books-nfs-storage
name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-books-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-audiobooks-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
volumeName: audiobookshelf-podcasts-nfs-storage
volumeName: audiobookshelf-nfs-storage
storageClassName: nfs-client
accessModes:
- ReadWriteMany

56
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,10 +1,10 @@
apiVersion: v1
kind: PersistentVolume
metadata:
name: audiobookshelf-books-nfs-storage
name: audiobookshelf-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
app.kubernetes.io/name: audiobookshelf-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -15,57 +15,7 @@ spec:
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Books
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Audiobooks
server: synologybond.alexlebens.net
mountOptions:
- vers=4
- minorversion=1
- noac
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client
capacity:
storage: 1Gi
accessModes:
- ReadWriteMany
nfs:
path: /volume2/Storage/Podcasts
path: /volume2/Storage
server: synologybond.alexlebens.net
mountOptions:
- vers=4

32
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -9,7 +9,7 @@ audiobookshelf:
main:
image:
repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.0
tag: 2.32.1
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -21,7 +21,7 @@ audiobookshelf:
apprise-api:
image:
repository: caronc/apprise
tag: v1.3.2
tag: v1.3.1
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -114,26 +114,12 @@ audiobookshelf:
main:
- path: /metadata
readOnly: false
books:
existingClaim: audiobookshelf-books-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Books
readOnly: false
audiobooks:
existingClaim: audiobookshelf-audiobooks-nfs-storage
existingClaim: audiobookshelf-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Audiobooks
readOnly: false
podcasts:
existingClaim: audiobookshelf-podcasts-nfs-storage
advancedMounts:
main:
main:
- path: /mnt/store/Podcasts
- path: /mnt/store/
readOnly: false
volsync-target-config:
pvcTarget: audiobookshelf-config
@@ -141,19 +127,17 @@ volsync-target-config:
enabled: true
schedule: 2 8 * * *
remote:
enabled: true
schedule: 2 9 * * *
enabled: false
external:
enabled: true
schedule: 2 10 * * *
schedule: 2 9 * * *
volsync-target-metadata:
pvcTarget: audiobookshelf-metadata
local:
enabled: true
schedule: 4 8 * * *
remote:
enabled: true
schedule: 4 9 * * *
enabled: false
external:
enabled: true
schedule: 4 10 * * *
schedule: 4 9 * * *

12
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 2026.2.1
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
- name: valkey
version: 7.8.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
generated: "2026-03-15T20:04:35.99407071Z"
version: 1.1.0
digest: sha256:ee8c360d746800a6f3f41f64fd2f116224b305d8bcb8660ed2687c7987e59c37
generated: "2026-03-04T00:37:25.727534823Z"

9
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -25,14 +25,13 @@ dependencies:
repository: https://charts.goauthentik.io/
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.4.0
- name: redis-replication
version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik

15
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -28,7 +28,7 @@ authentik:
key: password
authentik:
redis:
host: authentik-valkey
host: redis-replication-authentik-master
server:
name: server
replicas: 1
@@ -68,7 +68,7 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
index: 2
index: 1
backup:
objectStore:
- name: garage-local
@@ -91,9 +91,9 @@ postgres-18-cluster:
# isWALArchiver: false
scheduledBackups:
- name: live-backup
suspend: false
suspend: true
immediate: true
schedule: "0 5 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -105,3 +105,10 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
redis-replication:
existingSecret:
enabled: false
redisReplication:
clusterSize: 3
sentinel:
enabled: true

8
clusters/cl01tl/helm/backrest/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
version: 0.7.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:f203538010828e77336f3cf39451a1072c90aeb8ece7c173a3476c49883b46d1
generated: "2026-03-06T01:05:24.935421139Z"
version: 0.7.0
digest: sha256:18365b7dd3995703aad6928ce22dd1c3b8ffd5f1cccf54b8f1489ad111d13104
generated: "2026-01-16T18:45:00.087995513Z"

6
clusters/cl01tl/helm/backrest/Chart.yaml
View File

@@ -19,12 +19,12 @@ dependencies:
version: 4.6.2
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
# renovate: datasource=github-releases depName=garethgeorge/backrest
appVersion: v1.12.1
appVersion: v1.12.0

12
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -8,7 +8,7 @@ backrest:
main:
image:
repository: garethgeorge/backrest
tag: v1.12.1
tag: v1.12.0
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -111,19 +111,17 @@ volsync-target-data:
enabled: true
schedule: 6 8 * * *
remote:
enabled: true
schedule: 6 9 * * *
enabled: false
external:
enabled: true
schedule: 6 10 * * *
schedule: 6 9 * * *
volsync-target-config:
pvcTarget: backrest-config
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
enabled: false
external:
enabled: true
schedule: 8 10 * * *
schedule: 8 9 * * *

6
clusters/cl01tl/helm/bazarr/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ce88e4cd451613c9dbc25d285700970789ff678452ef277f3c8465dbf6157f1f
generated: "2026-03-06T01:05:44.405374459Z"
version: 0.7.0
digest: sha256:77d0e82601292b4173d355d18c0de82bb37684a3dc29d7c8af4169308f14de48
generated: "2026-01-16T18:45:10.855338471Z"

4
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -6,7 +6,7 @@ keywords:
- bazarr
- servarr
- subtitles
home: https://wiki.alexlebens.dev/s/
home: https://wiki.alexlebens.dev/s/92784d53-1d43-42fd-b509-f42c73454226
sources:
- https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr
@@ -21,7 +21,7 @@ dependencies:
version: 4.6.2
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=morpheus65535/bazarr

7
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -15,7 +15,7 @@ bazarr:
main:
image:
repository: ghcr.io/linuxserver/bazarr
tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
tag: 1.5.6@sha256:94eee5e3e14430b7b144d4556be73963a7daf6f1bddc25586627f426465482ce
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -87,8 +87,7 @@ volsync-target-config:
enabled: true
schedule: 10 8 * * *
remote:
enabled: true
schedule: 10 9 * * *
enabled: false
external:
enabled: true
schedule: 10 10 * * *
schedule: 10 9 * * *

8
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -2,8 +2,8 @@ dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859
generated: "2026-03-09T23:06:16.853255429Z"
version: 1.1.0
digest: sha256:27a4d0d6fc6622d47686fbf1dcae41c5f7e72157b0fa35abb11b375ab91f949f
generated: "2026-03-04T00:37:53.921436029Z"

5
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -17,9 +17,8 @@ dependencies:
alias: blocky
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: valkey
alias: valkey
version: 0.4.0
- name: redis-replication
version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky

12
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -135,7 +135,6 @@ blocky:
komodo IN CNAME traefik-cl01tl
lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl
@@ -193,42 +192,36 @@ blocky:
*.alexlebens.dev
*.boreal-beaufort.ts.net
*.discord.com
cdn.trackjs.com
ads:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
*.discord.com
cdn.trackjs.com
priv:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
*.discord.com
cdn.trackjs.com
mal:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
*.discord.com
cdn.trackjs.com
pro:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
*.discord.com
cdn.trackjs.com
oisd:
- |
*.alexlebens.net
*.alexlebens.dev
*.boreal-beaufort.ts.net
*.discord.com
cdn.trackjs.com
clientGroupsBlock:
default:
- sus
@@ -260,7 +253,7 @@ blocky:
cacheTimeNegative: 30m
redis:
address: blocky-valkey.blocky:6379
address: redis-replication-blocky-master.blocky:6379
required: true
prometheus:
@@ -333,3 +326,6 @@ blocky:
readOnly: true
mountPropagation: None
subPath: config.yml
redis-replication:
redisReplication:
clusterSize: 1

10
clusters/cl01tl/helm/booklore/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: mariadb-cluster
repository: https://helm.mariadb.com/mariadb-operator
version: 26.3.0
version: 25.10.4
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
version: 0.7.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:e65fa008c652092da5431e9780eb2a87c944298a12e58e432efad61c9e826da5
generated: "2026-03-14T23:57:22.721295098Z"
version: 0.7.0
digest: sha256:81601af110374e1571481873ace19f7bc694edb917ef35c1fbc623efe147a66d
generated: "2026-01-16T18:45:33.641059484Z"

8
clusters/cl01tl/helm/booklore/Chart.yaml
View File

@@ -18,16 +18,16 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: mariadb-cluster
version: 26.3.0
version: 25.10.4
repository: https://helm.mariadb.com/mariadb-operator
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/booklore.png
# renovate: datasource=github-releases depName=booklore-app/BookLore
appVersion: v2.2.1
appVersion: v2.0.5

15
clusters/cl01tl/helm/booklore/templates/replication-destination.yaml Normal file
View File

@@ -0,0 +1,15 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationDestination
metadata:
name: booklore-data-replication-destination
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-destination
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
rsyncTLS:
copyMethod: Direct
accessModes: ["ReadWriteMany"]
destinationPVC: booklore-books-nfs-storage
keySecret: booklore-data-replication-secret

17
clusters/cl01tl/helm/booklore/templates/replication-source.yaml Normal file
View File

@@ -0,0 +1,17 @@
apiVersion: volsync.backube/v1alpha1
kind: ReplicationSource
metadata:
name: booklore-data-replication-source
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: booklore-data-replication-source
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
sourcePVC: booklore-data
trigger:
schedule: "0 0 * * *"
rsyncTLS:
keySecret: booklore-data-replication-secret
address: volsync-rsync-tls-dst-booklore-data-replication-destination
copyMethod: Snapshot

15
clusters/cl01tl/helm/booklore/values.yaml
View File

@@ -9,15 +9,11 @@ booklore:
main:
image:
repository: ghcr.io/booklore-app/booklore
tag: v2.2.1
tag: v2.0.5
pullPolicy: IfNotPresent
env:
- name: TZ
value: America/Chicago
- name: USER_ID
value: 1000
- name: GROUP_ID
value: 1000
- name: DATABASE_URL
value: jdbc:mariadb://booklore-mariadb-cluster-primary.booklore:3306/booklore
- name: DATABASE_USERNAME
@@ -225,11 +221,10 @@ volsync-target-config:
enabled: true
schedule: 12 8 * * *
remote:
enabled: true
schedule: 12 9 * * *
enabled: false
external:
enabled: true
schedule: 12 10 * * *
schedule: 12 9 * * *
volsync-target-data:
pvcTarget: booklore-data
local:
@@ -239,11 +234,11 @@ volsync-target-data:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 14 9 * * *
schedule: 14 10 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 14 10 * * *
schedule: 14 9 * * *
restic:
cacheCapacity: 10Gi

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cert-manager
repository: https://charts.jetstack.io
version: v1.20.0
digest: sha256:1543bd17649cb32982de3cce017fcbed1b44c41d50b76c6471b266f33e261c29
generated: "2026-03-10T16:06:49.332999536Z"
version: v1.19.4
digest: sha256:5c4a0a0568677bfcf4529e6ec6a005957cd1820fd5f1d1f108e74370d409fe88
generated: "2026-02-24T19:30:44.415585645Z"

4
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: cert-manager
version: v1.20.0
version: v1.19.4
repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.0
appVersion: v1.19.4

8
clusters/cl01tl/helm/code-server/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6
generated: "2026-03-09T22:04:00.58415637Z"
version: 0.7.0
digest: sha256:a170a0695881a7eed9bc2b0fc8b7f7bce18919e9bea0c5342a35e5a1a5ffa406
generated: "2026-02-07T00:36:52.387080745Z"

4
clusters/cl01tl/helm/code-server/Chart.yaml
View File

@@ -22,10 +22,10 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=linuxserver/docker-code-server

7
clusters/cl01tl/helm/code-server/values.yaml
View File

@@ -9,7 +9,7 @@ code-server:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
tag: 4.109.5@sha256:aa43fb2fc31127e9d2166e903c7f13792351e38658ba29645662a89ff04ff90d
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -79,8 +79,7 @@ volsync-target-config:
enabled: true
schedule: 16 8 * * *
remote:
enabled: true
schedule: 16 9 * * *
enabled: false
external:
enabled: true
schedule: 16 10 * * *
schedule: 16 9 * * *

4
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -7,7 +7,7 @@ keywords:
- dns
- network
- kubernetes
home: https://wiki.alexlebens.dev/s/
home: https://wiki.alexlebens.dev/s/43947ec6-a034-449f-8c76-982ac493b072
sources:
- https://github.com/coredns/coredns
- https://github.com/coredns/helm
@@ -19,4 +19,4 @@ dependencies:
repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2
appVersion: v1.14.1

2
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,7 +1,7 @@
coredns:
image:
repository: registry.k8s.io/coredns/coredns
tag: v1.14.2
tag: v1.14.1
replicaCount: 3
resources:
requests:

8
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.8.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
generated: "2026-03-15T20:04:49.68456485Z"
version: 0.2.0
digest: sha256:2682dcbc71417a103cf4c1ed920caac5b14272b021dc579fb8a3cf2fedfa0490
generated: "2026-03-03T16:10:42.029406-06:00"

6
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -18,12 +18,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.4.0
version: 0.2.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.3.4
appVersion: 1.3.1

6
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -9,7 +9,7 @@ dawarich:
main:
image:
repository: freikin/dawarich
tag: 1.3.4
tag: 1.3.1
pullPolicy: IfNotPresent
command: ["web-entrypoint.sh"]
args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
@@ -106,7 +106,7 @@ dawarich:
sidekiq:
image:
repository: freikin/dawarich
tag: 1.3.4
tag: 1.3.1
pullPolicy: IfNotPresent
command: ["sidekiq-entrypoint.sh"]
args: ["sidekiq"]
@@ -330,7 +330,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 10 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true

6
clusters/cl01tl/helm/descheduler/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: descheduler
repository: https://kubernetes-sigs.github.io/descheduler/
version: 0.35.1
digest: sha256:ed7cc8068b83ac483fda3a781227b35e12a34abdca214b5490e7036c89db1a95
generated: "2026-03-09T21:21:45.788316167Z"
version: 0.35.0
digest: sha256:afa0e5fe35f9287db619de604c82a22c3ab90dfcaa3a845ff30491e47c7a5846
generated: "2026-02-19T23:03:22.794515683Z"

4
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -14,8 +14,8 @@ maintainers:
- name: alexlebens
dependencies:
- name: descheduler
version: 0.35.1
version: 0.35.0
repository: https://kubernetes-sigs.github.io/descheduler/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
# renovate: datasource=github-releases depName=kubernetes-sigs/descheduler
appVersion: v0.35.1
appVersion: v0.35.0

10
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
- name: valkey
version: 7.8.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
generated: "2026-03-15T20:05:03.156596646Z"
version: 1.1.0
digest: sha256:081224a2297891ecb7e7306d7da895a6e7988e9a28e7244f310231f60dd9f6c8
generated: "2026-03-04T00:38:19.7054203Z"

9
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -23,12 +23,11 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.4.0
- name: redis-replication
version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus
appVersion: 11.16.1
appVersion: 11.16.0

52
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -98,10 +98,10 @@ spec:
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-bucket-garage
name: directus-redis-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-bucket-garage
app.kubernetes.io/name: directus-redis-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
@@ -109,61 +109,17 @@ spec:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: default
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password
- secretKey: user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
key: /cl01tl/directus/redis
metadataPolicy: None
property: user
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
key: /cl01tl/directus/redis
metadataPolicy: None
property: password

11
clusters/cl01tl/helm/directus/templates/object-bucket-claim.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: objectbucket.io/v1alpha1
kind: ObjectBucketClaim
metadata:
name: ceph-bucket-directus
labels:
app.kubernetes.io/name: ceph-bucket-directus
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
generateBucketName: bucket-directus
storageClassName: ceph-bucket

49
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -9,7 +9,7 @@ directus:
main:
image:
repository: directus/directus
tag: 11.16.1
tag: 11.16.0
pullPolicy: IfNotPresent
env:
- name: PUBLIC_URL
@@ -72,16 +72,16 @@ directus:
- name: REDIS_ENABLED
value: true
- name: REDIS_HOST
value: directus-valkey
value: redis-replication-directus-master
- name: REDIS_USERNAME
valueFrom:
secretKeyRef:
name: directus-valkey-config
name: directus-redis-config
key: user
- name: REDIS_PASSWORD
valueFrom:
secretKeyRef:
name: directus-valkey-config
name: directus-redis-config
key: password
- name: STORAGE_LOCATIONS
value: s3
@@ -90,22 +90,22 @@ directus:
- name: STORAGE_S3_KEY
valueFrom:
secretKeyRef:
name: directus-bucket-garage
key: ACCESS_KEY_ID
name: ceph-bucket-directus
key: AWS_ACCESS_KEY_ID
- name: STORAGE_S3_SECRET
valueFrom:
secretKeyRef:
name: directus-bucket-garage
key: ACCESS_SECRET_KEY
- name: STORAGE_S3_REGION
valueFrom:
secretKeyRef:
name: directus-bucket-garage
key: ACCESS_REGION
name: ceph-bucket-directus
key: AWS_SECRET_ACCESS_KEY
- name: STORAGE_S3_BUCKET
value: directus-assets
valueFrom:
configMapKeyRef:
name: ceph-bucket-directus
key: BUCKET_NAME
- name: STORAGE_S3_REGION
value: us-east-1
- name: STORAGE_S3_ENDPOINT
value: http://garage-main.garage:3900
value: http://rook-ceph-rgw-ceph-objectstore.rook-ceph.svc:80
- name: STORAGE_S3_FORCE_PATH_STYLE
value: true
- name: AUTH_PROVIDERS
@@ -219,7 +219,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 15 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -231,13 +231,12 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey:
valkey:
auth:
redis-replication:
existingSecret:
enabled: true
name: directus-redis-config
key: password
redisReplication:
clusterSize: 3
sentinel:
enabled: true
usersExistingSecret: directus-valkey-config
aclUsers:
default:
permissions: "~* &* +@all"
metrics:
enabled: false

8
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies:
- name: element-web
repository: https://ananace.gitlab.io/charts
version: 1.4.32
version: 1.4.31
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
digest: sha256:49d9dd45eff7cbbc11644e4a8bd3c9d3bf84716ed034a76f097f0ba1fea4c934
generated: "2026-03-11T16:04:17.556777286Z"
version: 2.3.0
digest: sha256:7447f3828246d85acd5a2a75b6d086d8fbe29ee90ad61b96dd25de8dcfefbc4e
generated: "2026-03-03T18:08:31.901975101Z"

6
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -17,11 +17,11 @@ maintainers:
- name: alexlebens
dependencies:
- name: element-web
version: 1.4.32
version: 1.4.31
repository: https://ananace.gitlab.io/charts
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.12
appVersion: v1.12.11

2
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -2,7 +2,7 @@ element-web:
replicaCount: 1
image:
repository: vectorim/element-web
tag: v1.12.12
tag: v1.12.11
pullPolicy: IfNotPresent
defaultServer:
url: https://matrix.alexlebens.dev

6
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.1.0
digest: sha256:b19563d51f1922403185979c6c442531a7bb13d302e8438b5a18d450259b7245
generated: "2026-03-07T18:02:23.908145348Z"
version: 2.0.1
digest: sha256:f47905e03f649c28d29f7a381799fb2df1f0a7bf122af174aeba47ba94f34847
generated: "2026-02-20T19:29:28.137671934Z"

4
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -12,8 +12,8 @@ sources:
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
version: 2.1.0
version: 2.0.1
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.1.0
appVersion: v2.0.1

10
clusters/cl01tl/helm/freshrss/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:a7bdbecd50433fedd65d3043102fe3c9e366dc98953c37eb0cfe762bce833e8e
generated: "2026-03-15T20:05:14.085780861Z"
version: 0.7.0
digest: sha256:e99b942b1c28deb0c120f5dec6d8a0dae8cb9714109c40cf08054af1467bc56f
generated: "2026-02-27T18:15:22.681368568Z"

6
clusters/cl01tl/helm/freshrss/Chart.yaml
View File

@@ -23,14 +23,14 @@ dependencies:
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
# renovate: datasource=github-releases depName=FreshRSS/FreshRSS

9
clusters/cl01tl/helm/freshrss/values.yaml
View File

@@ -197,7 +197,7 @@ postgres-18-cluster:
recovery:
method: objectStore
objectStore:
index: 2
index: 1
backup:
objectStore:
- name: garage-local
@@ -222,7 +222,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 20 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -250,8 +250,7 @@ volsync-target-data:
enabled: true
schedule: 18 8 * * *
remote:
enabled: true
schedule: 18 9 * * *
enabled: false
external:
enabled: true
schedule: 18 10 * * *
schedule: 18 9 * * *

32
clusters/cl01tl/helm/garage/templates/service.yaml
View File

@@ -1,32 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: garage-main
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: garage-main
app.kubernetes.io/service: garage-main
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
ports:
- name: admin
port: 3903
protocol: TCP
targetPort: 3903
- name: rpc
port: 3901
protocol: TCP
targetPort: 3901
- name: s3
port: 3900
protocol: TCP
targetPort: 3900
- name: web
port: 3902
protocol: TCP
targetPort: 3902
selector:
app.kubernetes.io/instance: garage
app.kubernetes.io/name: garage
garage-type: server

28
clusters/cl01tl/helm/garage/values.yaml
View File

@@ -118,9 +118,9 @@ garage:
pullPolicy: IfNotPresent
env:
- name: API_BASE_URL
value: http://garage-main.garage:3903
value: http://garage-1.garage:3903
- name: S3_ENDPOINT_URL
value: http://garage-main.garage:3900
value: http://garage-1.garage:3900
- name: API_ADMIN_KEY
valueFrom:
secretKeyRef:
@@ -225,6 +225,26 @@ garage:
api_bind_addr = "[::]:3903"
metrics_require_token = true
service:
garage-main:
forceRename: garage-main
controller: server-2
ports:
s3:
port: 3900
targetPort: 3900
protocol: HTTP
rpc:
port: 3901
targetPort: 3901
protocol: HTTP
web:
port: 3902
targetPort: 3902
protocol : HTTP
admin:
port: 3903
targetPort: 3903
protocol: HTTP
server-1:
forceRename: garage-1
controller: server-1
@@ -302,8 +322,8 @@ garage:
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: admin
interval: 5m
scrapeTimeout: 2m
interval: 1m
scrapeTimeout: 30s
path: /metrics
bearerTokenSecret:
name: garage-token-secret

8
clusters/cl01tl/helm/gatus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:83ec84774e0cc708f1cb5d83d657180159bfb75c9928784ebf0280e224b1cbca
generated: "2026-03-15T20:05:27.625292422Z"
version: 0.7.0
digest: sha256:d7790fe1459aecff41e33719556aa370a3b5c3b4ae7c414268665c63ad3952f3
generated: "2026-02-27T18:15:37.998212393Z"

4
clusters/cl01tl/helm/gatus/Chart.yaml
View File

@@ -22,11 +22,11 @@ dependencies:
version: 1.5.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
# renovate: datasource=github-releases depName=TwiN/gatus

12
clusters/cl01tl/helm/gatus/values.yaml
View File

@@ -137,9 +137,6 @@ gatus:
- name: yamtrack
url: https://yamtrack.alexlebens.net
<<: *defaults
- name: movie-roulette
url: https://movie-roulette.alexlebens.net
<<: *defaults
- name: jellyfin
url: https://jellyfin.alexlebens.net
<<: *defaults
@@ -430,7 +427,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 25 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -446,10 +443,9 @@ volsync-target-data:
pvcTarget: gatus
local:
enabled: true
schedule: 20 8 * * *
schedule: 22 8 * * *
remote:
enabled: true
schedule: 20 9 * * *
enabled: false
external:
enabled: true
schedule: 20 10 * * *
schedule: 22 9 * * *

6
clusters/cl01tl/helm/generic-device-plugin/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.22
digest: sha256:14e5aa3f02ce6a1271dadc3f76997c739fc9434e669b05655c079d0b873c56ca
generated: "2026-03-15T20:35:40.676997293Z"
version: 0.20.20
digest: sha256:8841709955381394b6304b7c53345692517e419c197ddc59b66a505ae742ec04
generated: "2026-03-03T03:03:20.457381608Z"

2
clusters/cl01tl/helm/generic-device-plugin/Chart.yaml
View File

@@ -15,6 +15,6 @@ maintainers:
dependencies:
- name: generic-device-plugin
repository: https://gitea.alexlebens.dev/api/packages/alexlebens/helm
version: 0.20.22
version: 0.20.20
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
appVersion: 1.0.0

20
clusters/cl01tl/helm/gitea/Chart.lock
View File

@@ -7,21 +7,21 @@ dependencies:
version: 0.0.3
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.28.0
version: 0.26.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
- name: valkey
version: 7.8.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
version: 1.1.0
- name: valkey
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
repository: https://valkey.io/valkey-helm
version: 0.9.3
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:238b7653c9d12c4886a56350b6d66217dbe7ecbb76078a846c7cc2c8cb450eb3
generated: "2026-03-16T15:56:55.197735783Z"
version: 0.7.0
digest: sha256:9d89745fb4c694706585f7bf6652a45307ad3e528f0f6bd0225ed44282567438
generated: "2026-03-04T00:38:48.956491426Z"

20
clusters/cl01tl/helm/gitea/Chart.yaml
View File

@@ -33,27 +33,27 @@ dependencies:
repository: https://dl.gitea.com/charts/
version: 0.0.3
- name: meilisearch
version: 0.28.0
version: 0.26.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-gitea
version: 0.4.0
- name: redis-replication
alias: redis-replication-gitea
version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-renovate
version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.9.3
repository: https://valkey.io/valkey-helm
- name: volsync-target
alias: volsync-target-storage
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/gitea.png
# renovate: datasource=github-releases depName=go-gitea/gitea
appVersion: 1.25.5
appVersion: 1.25.4

57
clusters/cl01tl/helm/gitea/values.yaml
View File

@@ -4,7 +4,7 @@ gitea:
replicaCount: 3
image:
repository: gitea/gitea
tag: 1.25.5
tag: 1.25.4
service:
http:
type: ClusterIP
@@ -57,7 +57,6 @@ gitea:
ROOT_URL: https://gitea.alexlebens.dev
LOCAL_ROOT_URL: http://gitea-http.gitea.svc.cluster.local:3000
START_SSH_SERVER: true
HTTP_PORT: 3000
SSH_DOMAIN: gitea.alexlebens.net
SSH_PORT: 22
SSH_LISTEN_PORT: 22
@@ -71,13 +70,13 @@ gitea:
cache:
ENABLED: true
ADAPTER: redis
HOST: redis://gitea-valkey.gitea:6379
HOST: redis://redis-replication-gitea-master.gitea:6379
queue:
TYPE: redis
CONN_STR: redis://gitea-valkey.gitea:6379
CONN_STR: redis://redis-replication-gitea-master.gitea:6379
session:
PROVIDER: redis
PROVIDER_CONFIG: redis://gitea-valkey.gitea:6379
PROVIDER_CONFIG: redis://redis-replication-gitea-master.gitea:6379
indexer:
ISSUE_INDEXER_ENABLED: true
ISSUE_INDEXER_TYPE: meilisearch
@@ -146,7 +145,7 @@ gitea-actions:
log:
level: debug
cache:
enabled: true
enabled: false
runner:
labels:
- "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
@@ -223,7 +222,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 7 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -235,22 +234,40 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-gitea:
valkey:
redis-replication-gitea:
replicationNameOverride: redis-replication-gitea
redisReplication:
clusterSize: 3
resources:
requests:
cpu: 20m
memory: 256Mi
dataStorage:
requestedSize: 10Gi
replica:
persistence:
size: 10Gi
memory: 400Mi
volumeClaimTemplate:
spec:
resources:
requests:
storage: 10Gi
sentinel:
enabled: true
valkey-renovate:
valkey:
nameOverride: valkey-renovate
replica:
enabled: false
image:
registry: ghcr.io
repository: valkey-io/valkey
tag: 9.0.3-alpine
resources:
requests:
cpu: 10m
memory: 32Mi
dataStorage:
enabled: false
replica:
enabled: false
metrics:
enabled: true
serviceMonitor:
enabled: true
podMonitor:
enabled: true
volsync-target-storage:
pvcTarget: gitea-shared-storage
moverSecurityContext:
@@ -260,7 +277,7 @@ volsync-target-storage:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 0 0 7 * * *
schedule: 0 0 0 * * *
restic:
pruneIntervalDays: 3
retain:

16
clusters/cl01tl/helm/grafana-operator/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies:
- name: grafana-operator
repository: https://grafana.github.io/helm-charts
version: 5.22.1
version: 5.22.0
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
- name: valkey
version: 7.8.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
- name: valkey
version: 1.1.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:9cbba52d093e40b20917af87263e1fb0e478912440f660543f3527e70452edc7
generated: "2026-03-15T20:05:59.855514102Z"
version: 1.1.0
digest: sha256:ad859d46d684dcb166896c336d899da35bad32dc12ec64e327fbd366c77d81d7
generated: "2026-03-04T00:39:30.940857832Z"

18
clusters/cl01tl/helm/grafana-operator/Chart.yaml
View File

@@ -17,20 +17,20 @@ maintainers:
- name: alexlebens
dependencies:
- name: grafana-operator
version: 5.22.1
version: 5.22.0
repository: https://grafana.github.io/helm-charts
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-unified-alerting
version: 0.4.0
- name: redis-replication
alias: redis-replication-unified-alerting
version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey-remote-cache
version: 0.4.0
- name: redis-replication
alias: redis-replication-remote-cache
version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/grafana.png
# renovate: datasource=github-releases depName=grafana/grafana-operator
appVersion: v5.22.1
appVersion: v5.22.0

57
clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml
View File

@@ -301,6 +301,44 @@ spec:
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/harbor.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-redis-replication
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-redis-replication
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/redis-replication.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-redis-operator
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-redis-operator
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/redis-operator.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
@@ -358,25 +396,6 @@ spec:
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/traefik.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard
metadata:
name: grafana-dashboard-tdarr
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-dashboard-tdarr
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
instanceSelector:
matchLabels:
app: grafana-main
contentCacheDuration: 1h
folderUID: grafana-folder-service
resyncPeriod: 1h
url: http://gitea-http.gitea:3000/alexlebens/grafana-dashboards/raw/branch/main/dashboards/service/tdarr.json
---
apiVersion: grafana.integreatly.org/v1beta1
kind: GrafanaDashboard

4
clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml
View File

@@ -45,10 +45,10 @@ spec:
password: ${DB_PASSWORD}
remote_cache:
type: redis
connstr: addr=grafana-operator-valkey-remote-cache.grafana-operator:6379,pool_size=100,db=0,ssl=false
connstr: addr=redis-replication-remote-cache-master.grafana-operator:6379,pool_size=100,db=0,ssl=false
unified_alerting:
enabled: "true"
ha_redis_address: grafana-operator-valkey-unified-alerting.grafana-operator:6379
ha_redis_address: redis-replication-unified-alerting-master.grafana-operator:6379
deployment:
spec:
replicas: 3

20
clusters/cl01tl/helm/grafana-operator/values.yaml
View File

@@ -42,7 +42,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 30 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -54,11 +54,13 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey-unified-alerting:
valkey:
nameOverride: valkey-unified-alerting
valkey-remote-cache:
valkey:
nameOverride: valkey-remote-cache
replica:
enabled: false
redis-replication-unified-alerting:
replicationNameOverride: redis-replication-unified-alerting
redisReplication:
clusterSize: 3
sentinel:
enabled: true
redis-replication-remote-cache:
replicationNameOverride: redis-replication-remote-cache
redisReplication:
clusterSize: 1

10
clusters/cl01tl/helm/harbor/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 1.18.2
- name: postgres-cluster
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
version: 7.10.0
- name: valkey
version: 7.8.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
digest: sha256:14c2b7d09631dbb573e9c9d4613ebe52e330146662da0da15f74c31ec519ed15
generated: "2026-03-15T20:06:13.615175051Z"
version: 1.1.0
digest: sha256:5ed0bf7a628fafdf2adc742b80ba900fd836e56682e9c3c37c4959cc56a91e4b
generated: "2026-03-04T00:40:00.093022723Z"

9
clusters/cl01tl/helm/harbor/Chart.yaml
View File

@@ -21,12 +21,11 @@ dependencies:
repository: https://helm.goharbor.io
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm
- name: valkey
alias: valkey
version: 0.4.0
- name: redis-replication
version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/harbor.png
# renovate: datasource=github-releases depName=goharbor/harbor
appVersion: v2.14.3
appVersion: v2.14.2

23
clusters/cl01tl/helm/harbor/values.yaml
View File

@@ -41,12 +41,12 @@ harbor:
portal:
image:
repository: goharbor/harbor-portal
tag: v2.14.3
tag: v2.14.2
replicas: 2
core:
image:
repository: goharbor/harbor-core
tag: v2.14.3
tag: v2.14.2
replicas: 2
existingSecret: harbor-secret
secretName: harbor-secret
@@ -54,7 +54,7 @@ harbor:
jobservice:
image:
repository: goharbor/harbor-jobservice
tag: v2.14.3
tag: v2.14.2
replicas: 2
jobLoggers:
- stdout
@@ -63,11 +63,11 @@ harbor:
registry:
image:
repository: goharbor/registry-photon
tag: v2.14.3
tag: v2.14.2
controller:
image:
repository: goharbor/harbor-registryctl
tag: v2.14.3
tag: v2.14.2
existingSecret: harbor-secret
relativeurls: true
credentials:
@@ -90,18 +90,18 @@ harbor:
redis:
type: external
external:
addr: harbor-valkey.harbor:6379
addr: "redis-replication-harbor-master.harbor:6379"
exporter:
image:
repository: goharbor/harbor-exporter
tag: v2.14.3
tag: v2.14.2
replicas: 2
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 2
index: 1
backup:
objectStore:
- name: garage-local
@@ -126,7 +126,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 35 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -138,3 +138,8 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
redis-replication:
redisReplication:
clusterSize: 3
sentinel:
enabled: true

6
clusters/cl01tl/helm/headlamp/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: headlamp
repository: https://kubernetes-sigs.github.io/headlamp/
version: 0.40.1
digest: sha256:723a57d6fe86a124b8bae7dfc1dde0c2abd60021837826b486054df00551dc03
generated: "2026-03-14T15:02:53.184950913Z"
version: 0.40.0
digest: sha256:b7f8f176f8c4902130e87660adb39211fd5ca454f89f5a7e9ed577cd4c3a2255
generated: "2026-02-05T18:23:45.100522813Z"

2
clusters/cl01tl/helm/headlamp/Chart.yaml
View File

@@ -14,7 +14,7 @@ maintainers:
- name: alexlebens
dependencies:
- name: headlamp
version: 0.40.1
version: 0.40.0
repository: https://kubernetes-sigs.github.io/headlamp/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/headlamp.png
# renovate: datasource=github-releases depName=headlamp-k8s/headlamp

2
clusters/cl01tl/helm/headlamp/values.yaml
View File

@@ -8,8 +8,6 @@ headlamp:
enabled: true
name: headlamp-oidc-secret
watchPlugins: true
# Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883
sessionTTL: null
resources:
requests:
cpu: 10m

6
clusters/cl01tl/helm/home-assistant/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:dc33c006806b1ac93403a6e77c12e013cac6cf64586bc1d26c54841e6ddf7d2c
generated: "2026-03-06T01:08:23.774548766Z"
version: 0.7.0
digest: sha256:2ba5b6579e7296d663fd0dcb7dfb4fea67142413801f6fbc4125a0e731b45210
generated: "2026-01-16T18:46:42.940648748Z"

4
clusters/cl01tl/helm/home-assistant/Chart.yaml
View File

@@ -21,8 +21,8 @@ dependencies:
version: 4.6.2
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/home-assistant.png
# renovate: datasource=github-releases depName=home-assistant/core
appVersion: 2026.3.1
appVersion: 2026.3.0

11
clusters/cl01tl/helm/home-assistant/values.yaml
View File

@@ -9,7 +9,7 @@ home-assistant:
main:
image:
repository: ghcr.io/home-assistant/home-assistant
tag: 2026.3.1
tag: 2026.3.0
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -21,7 +21,7 @@ home-assistant:
code-server:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.111.0@sha256:12c04b41f601604795562ece2ac64cade7cfca632415f4bfb1742477e3226272
tag: 4.109.5@sha256:aa43fb2fc31127e9d2166e903c7f13792351e38658ba29645662a89ff04ff90d
pullPolicy: IfNotPresent
env:
- name: TZ
@@ -134,10 +134,9 @@ volsync-target-config:
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 22 8 * * *
schedule: 24 8 * * *
remote:
enabled: true
schedule: 22 9 * * *
enabled: false
external:
enabled: true
schedule: 22 10 * * *
schedule: 24 9 * * *

2
clusters/cl01tl/helm/homepage/Chart.yaml
View File

@@ -19,4 +19,4 @@ dependencies:
version: 4.6.2
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/homepage.png
# renovate: datasource=github-releases depName=gethomepage/homepage
appVersion: v1.11.0
appVersion: v1.10.1

42
clusters/cl01tl/helm/homepage/values.yaml
View File

@@ -16,7 +16,7 @@ homepage:
main:
image:
repository: ghcr.io/gethomepage/homepage
tag: v1.11.0
tag: v1.10.1
pullPolicy: IfNotPresent
env:
- name: HOMEPAGE_ALLOWED_HOSTS
@@ -36,24 +36,6 @@ homepage:
config:
enabled: true
data:
custom.css: |
html {
font-size: 18px;
}
ul#myTab {
background-color: rgba(240, 230, 215, 0.12) !important;
color: white !important;
}
li.service div.service-card,
li.bookmark a.rounded-md {
color: white !important;
background-color: rgba(240, 230, 215, 0.12) !important;
transition: all 150ms ease !important;
}
li.service div.service-card:hover,
li.bookmark a.rounded-md:hover {
background-color: rgba(240, 230, 215, 0.18) !important;
}
docker.yaml: ""
kubernetes.yaml: |
mode: cluster
@@ -160,12 +142,6 @@ homepage:
href: https://yamtrack.alexlebens.net
siteMonitor: http://yamtrack.yamtrack:80
statusStyle: dot
- Movie Roulette:
icon: https://raw.githubusercontent.com/sahara101/Movie-Roulette/refs/heads/main/static/icons/icon.png
description: Movie Roulette
href: https://movie-roulette.alexlebens.net
siteMonitor: http://movie-roulette.movie-roulette:80
statusStyle: dot
- Movies and TV:
icon: sh-jellyfin.webp
description: Jellyfin
@@ -851,10 +827,10 @@ homepage:
advancedMounts:
main:
main:
- path: /app/config/custom.css
- path: /app/config/bookmarks.yaml
readOnly: true
mountPropagation: None
subPath: custom.css
subPath: bookmarks.yaml
- path: /app/config/docker.yaml
readOnly: true
mountPropagation: None
@@ -863,6 +839,10 @@ homepage:
readOnly: true
mountPropagation: None
subPath: kubernetes.yaml
- path: /app/config/services.yaml
readOnly: true
mountPropagation: None
subPath: services.yaml
- path: /app/config/settings.yaml
readOnly: true
mountPropagation: None
@@ -871,11 +851,3 @@ homepage:
readOnly: true
mountPropagation: None
subPath: widgets.yaml
- path: /app/config/services.yaml
readOnly: true
mountPropagation: None
subPath: services.yaml
- path: /app/config/bookmarks.yaml
readOnly: true
mountPropagation: None
subPath: bookmarks.yaml

12
clusters/cl01tl/helm/immich/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
- name: valkey
version: 7.8.0
- name: redis-replication
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.4.0
version: 1.1.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:b79ea8c506f0172deed820247a33c79329f34426435c8b5eb27b206ac8831b13
generated: "2026-03-15T20:06:27.091094433Z"
version: 0.7.0
digest: sha256:8c204b4e38b60693c1ed5a80ea441567bc074aebf3282591b987087024ecd3bc
generated: "2026-03-04T00:40:31.462721535Z"

9
clusters/cl01tl/helm/immich/Chart.yaml
View File

@@ -20,15 +20,14 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey
alias: valkey
version: 0.4.0
- name: redis-replication
version: 1.1.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/immich.png
# renovate: datasource=github-releases depName=immich-app/immich

16
clusters/cl01tl/helm/immich/values.yaml
View File

@@ -19,7 +19,7 @@ immich:
- name: IMMICH_CONFIG_FILE
value: /config/immich.json
- name: REDIS_HOSTNAME
value: immich-valkey
value: redis-replication-immich-master
- name: DB_VECTOR_EXTENSION
value: vectorchord
- name: DB_HOSTNAME
@@ -209,7 +209,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 40 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -221,20 +221,26 @@ postgres-18-cluster:
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
redis-replication:
redisReplication:
clusterSize: 3
sentinel:
enabled: true
volsync-target-data:
pvcTarget: immich
local:
enabled: true
schedule: 24 8 * * *
schedule: 28 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 24 9 * * *
schedule: 28 10 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 24 10 * * *
schedule: 28 9 * * *
restic:
cacheCapacity: 10Gi

8
clusters/cl01tl/helm/jellyfin/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.28.0
version: 0.26.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:57b007c6e19dda1300f5025332d9e8104bfb9a50cd7124260bfa68ce2432628b
generated: "2026-03-16T15:57:13.466372254Z"
version: 0.7.0
digest: sha256:68e88cb0f8b9569d8b53dcc63d47c31320aa0f10173eb938e5b56e8b84b0caec
generated: "2026-03-04T00:24:27.958585796Z"

4
clusters/cl01tl/helm/jellyfin/Chart.yaml
View File

@@ -25,11 +25,11 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: meilisearch
version: 0.28.0
version: 0.26.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellyfin.png
# renovate: datasource=github-releases depName=jellyfin/jellyfin

6
clusters/cl01tl/helm/jellyfin/values.yaml
View File

@@ -143,16 +143,14 @@ volsync-target-config:
pvcTarget: jellyfin-config
local:
enabled: true
schedule: 26 8 * * *
schedule: 30 8 * * *
restic:
cacheCapacity: 10Gi
remote:
enabled: true
schedule: 26 9 * * *
restic:
cacheCapacity: 10Gi
external:
enabled: true
schedule: 26 10 * * *
schedule: 30 9 * * *
restic:
cacheCapacity: 10Gi

8
clusters/cl01tl/helm/jellystat/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
version: 7.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:f779185ce82045b47fc75bf95c4a8215acbd387f44a4bdb764486406d9b03748
generated: "2026-03-15T20:06:38.720993367Z"
version: 0.7.0
digest: sha256:34b82ccec2d4666175e0952d03f9467e3966c1a9a15661c6ceeed2b492c9d82d
generated: "2026-02-27T18:16:58.512565338Z"

4
clusters/cl01tl/helm/jellystat/Chart.yaml
View File

@@ -21,11 +21,11 @@ dependencies:
version: 4.6.2
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
version: 7.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/jellystat.png
# renovate: datasource=github-releases depName=CyferShepard/Jellystat

9
clusters/cl01tl/helm/jellystat/values.yaml
View File

@@ -129,7 +129,7 @@ postgres-18-cluster:
- name: live-backup
suspend: false
immediate: true
schedule: "0 45 14 * * *"
schedule: "0 0 0 * * *"
backupName: garage-local
# - name: weekly-backup
# suspend: true
@@ -145,10 +145,9 @@ volsync-target-data:
pvcTarget: jellystat-data
local:
enabled: true
schedule: 28 8 * * *
schedule: 32 8 * * *
remote:
enabled: true
schedule: 28 9 * * *
enabled: false
external:
enabled: true
schedule: 28 10 * * *
schedule: 32 9 * * *

10
clusters/cl01tl/helm/karakeep/Chart.lock
View File

@@ -4,12 +4,12 @@ dependencies:
version: 4.6.2
- name: meilisearch
repository: https://meilisearch.github.io/meilisearch-kubernetes
version: 0.28.0
version: 0.26.0
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:49e37e17dc859927048c6474ce27cb063a020f291d6d2d24876d0427eddc3656
generated: "2026-03-16T15:57:28.156797159Z"
version: 0.7.0
digest: sha256:771c49ed1981152cc94725f772eb30e973410b858dcc6e9f335054934649347d
generated: "2026-03-04T00:24:56.137773017Z"

6
clusters/cl01tl/helm/karakeep/Chart.yaml
View File

@@ -22,14 +22,14 @@ dependencies:
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: meilisearch
version: 0.28.0
version: 0.26.0
repository: https://meilisearch.github.io/meilisearch-kubernetes
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
version: 2.3.0
- name: volsync-target
alias: volsync-target-data
version: 0.8.0
version: 0.7.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/webp/karakeep.webp
# renovate: datasource=github-releases depName=karakeep-app/karakeep

Some files were not shown because too many files have changed in this diff Show More