Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
 renovate-bot
|
3d8fe7224d
|
@@ -169,10 +169,9 @@ jobs:
|
||||
|
||||
echo ">> Running linting on changed charts ..."
|
||||
|
||||
lint_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
local CHART_NAME=$(basename "${CHART_PATH}")
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
CHART_NAME=$(basename "${CHART_PATH}")
|
||||
|
||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||
echo ""
|
||||
@@ -183,8 +182,15 @@ jobs:
|
||||
echo ">> Linting helm chart ${CHART_NAME} ..."
|
||||
|
||||
if ! helm lint "${CHART_PATH}" --namespace "default"; then
|
||||
echo "${DIR}" > ".failed_chart_${CHART_NAME}"
|
||||
return 1
|
||||
EXIT_CODE=1
|
||||
|
||||
if [ -z "${FAILED_CHARTS}" ]; then
|
||||
FAILED_CHARTS="${DIR}"
|
||||
|
||||
else
|
||||
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
else
|
||||
@@ -192,20 +198,8 @@ jobs:
|
||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||
|
||||
fi
|
||||
}
|
||||
|
||||
export -f lint_chart
|
||||
export CLUSTER
|
||||
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
echo "${DIR}"
|
||||
done | xargs -P 4 -I {} bash -c 'OUT=$(lint_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
|
||||
|
||||
if ls .failed_chart_* 1> /dev/null 2>&1; then
|
||||
EXIT_CODE=1
|
||||
FAILED_CHARTS=$(cat .failed_chart_* | paste -sd ',' - | sed 's/,/, /g')
|
||||
rm -f .failed_chart_*
|
||||
fi
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
@@ -335,15 +329,13 @@ jobs:
|
||||
EXIT_CODE=0
|
||||
FAILED_CHARTS=""
|
||||
|
||||
validate_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
echo ""
|
||||
echo ">> Validating: ${DIR}"
|
||||
|
||||
helm dependency build "${CHART_PATH}" --skip-refresh
|
||||
|
||||
set -o pipefail
|
||||
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor" | \
|
||||
kubeconform \
|
||||
${SCHEMA_LOCATIONS} \
|
||||
@@ -351,23 +343,18 @@ jobs:
|
||||
-strict \
|
||||
-summary; then
|
||||
|
||||
echo "${DIR}" > ".failed_chart_${DIR}"
|
||||
return 1
|
||||
EXIT_CODE=1
|
||||
|
||||
if [ -z "${FAILED_CHARTS}" ]; then
|
||||
FAILED_CHARTS="${DIR}"
|
||||
|
||||
else
|
||||
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
|
||||
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
export -f validate_chart
|
||||
export CLUSTER SCHEMA_LOCATIONS
|
||||
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
echo "${DIR}"
|
||||
done | xargs -P 4 -I {} bash -c 'OUT=$(validate_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
|
||||
|
||||
if ls .failed_chart_* 1> /dev/null 2>&1; then
|
||||
EXIT_CODE=1
|
||||
FAILED_CHARTS=$(cat .failed_chart_* | paste -sd ',' - | sed 's/,/, /g')
|
||||
rm -f .failed_chart_*
|
||||
fi
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
@@ -250,8 +250,6 @@ jobs:
|
||||
|
||||
echo ">> Rendering Manifests ..."
|
||||
|
||||
EXIT_CODE=0
|
||||
|
||||
render_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="${MAIN_DIR}/clusters/${CLUSTER}/helm/${DIR}"
|
||||
@@ -285,17 +283,10 @@ jobs:
|
||||
|
||||
echo ">> Formating rendered template ..."
|
||||
local TEMPLATE
|
||||
if ! TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor"); then
|
||||
echo "${DIR}" > "${MAIN_DIR}/.failed_chart_${DIR}"
|
||||
return 1
|
||||
fi
|
||||
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
|
||||
|
||||
# Format and split rendered template
|
||||
set -o pipefail
|
||||
if ! echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'; then
|
||||
echo "${DIR}" > "${MAIN_DIR}/.failed_chart_${DIR}"
|
||||
return 1
|
||||
fi
|
||||
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
|
||||
# Strip comments again to ensure formatting correctness
|
||||
for file in "$OUTPUT_FOLDER"/*; do
|
||||
@@ -325,16 +316,9 @@ jobs:
|
||||
|
||||
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
|
||||
|
||||
if ls .failed_chart_* 1> /dev/null 2>&1; then
|
||||
EXIT_CODE=1
|
||||
rm -f .failed_chart_*
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
exit $EXIT_CODE
|
||||
|
||||
- name: Check for Changes
|
||||
id: check-changes
|
||||
if: steps.check-dir-changes.outputs.changes-detected == 'true'
|
||||
|
||||
@@ -12,8 +12,8 @@ on:
|
||||
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-js
|
||||
container: ghcr.io/renovatebot/renovate:43.186.1@sha256:4696b3a6fe3ca10d0eae49cbf1da17e381cbc8bf75c224b2605a25773cff03dc
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43.138.2@sha256:79765b2442117d5c87e17456aa79ae54b4e0e2a4d9212a10508e233706375556
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
digest: sha256:cefbc682239406e67d7f05887c9155742d7566f1ebe0b303dd3b160f1b28aa49
|
||||
generated: "2026-05-15T00:28:22.250508809Z"
|
||||
version: 4.6.2
|
||||
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d
|
||||
generated: "2026-04-18T20:15:22.778699-05:00"
|
||||
|
||||
@@ -17,11 +17,11 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: actual
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 2.0.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 4.6.2
|
||||
# - name: volsync-target
|
||||
# alias: volsync-target-data
|
||||
# version: 0.8.0
|
||||
# repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
|
||||
# renovate: datasource=github-releases depName=actualbudget/actual
|
||||
appVersion: 26.5.2
|
||||
appVersion: 26.4.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -8,7 +8,7 @@ actual:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/actualbudget/actual
|
||||
tag: 26.5.2@sha256:1aeeb3985db55556e716dec25e08f6ce09308c2571b65cddbc6746ee6d5e0d45
|
||||
tag: 26.4.0@sha256:b0e732e2c41b3dc468a71548e88ef76d3f0c157fc43d15fa05d14ec1c5747e1e
|
||||
env:
|
||||
- name: ACTUAL_PORT
|
||||
value: 5006
|
||||
@@ -75,7 +75,7 @@ volsync-target-data:
|
||||
schedule: 0 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 0 10 * * 0
|
||||
schedule: 0 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 0 9 * * 0
|
||||
schedule: 0 10 * * *
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 9.5.14
|
||||
digest: sha256:5cae964bb988089467bc5c46badbe33b67f64abd039f5961e66e412a5c7004a7
|
||||
generated: "2026-05-13T17:58:34.736881783Z"
|
||||
version: 9.5.2
|
||||
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
|
||||
generated: "2026-04-19T19:53:40.43789-05:00"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
version: 9.5.14
|
||||
version: 9.5.2
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
# renovate: datasource=github-releases depName=argoproj/argo-cd
|
||||
appVersion: v3.4.2
|
||||
appVersion: v3.3.7
|
||||
|
||||
@@ -1,108 +0,0 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: haproxy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: haproxy
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
groups:
|
||||
- name: EmbeddedExporter
|
||||
rules:
|
||||
- alert: HAProxyHighHTTP4xxErrorRateBackend
|
||||
expr: ((sum by (proxy) (rate(haproxy_server_http_responses_total{code="4xx"}[1m])) / sum by (proxy) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (proxy) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy high HTTP 4xx error rate backend (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many HTTP requests with status 4xx (> 5%) on backend {{ `{{ $labels.proxy }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyHighHTTP5xxErrorRateBackend
|
||||
expr: ((sum by (proxy) (rate(haproxy_server_http_responses_total{code="5xx"}[1m])) / sum by (proxy) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (proxy) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy high HTTP 5xx error rate backend (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many HTTP requests with status 5xx (> 5%) on backend {{ `{{ $labels.proxy }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyHighHTTP4xxErrorRateServer
|
||||
expr: ((sum by (server) (rate(haproxy_server_http_responses_total{code="4xx"}[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy high HTTP 4xx error rate server (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many HTTP requests with status 4xx (> 5%) on server {{ `{{ $labels.server }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyHighHTTP5xxErrorRateServer
|
||||
expr: ((sum by (server) (rate(haproxy_server_http_responses_total{code="5xx"}[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy high HTTP 5xx error rate server (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many HTTP requests with status 5xx (> 5%) on server {{ `{{ $labels.server }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyServerResponseErrors
|
||||
expr: (sum by (server) (rate(haproxy_server_response_errors_total[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100 > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy server response errors (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many response errors to {{ `{{ $labels.server }}` }} server (> 5%).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyBackendConnectionErrors
|
||||
expr: (sum by (proxy) (rate(haproxy_backend_connection_errors_total[1m]))) > 100
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy backend connection errors (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many connection errors to {{ `{{ $labels.proxy }}` }} backend (> 100 req/s). Request throughput may be too high.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyServerConnectionErrors
|
||||
expr: (sum by (proxy) (rate(haproxy_server_connection_errors_total[1m]))) > 100
|
||||
for: 0m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy server connection errors (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many connection errors to {{ `{{ $labels.proxy }}` }} (> 100 req/s). Request throughput may be too high.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyBackendMaxActiveSession>80%
|
||||
expr: (haproxy_backend_current_sessions / haproxy_backend_limit_sessions * 100) > 80 and haproxy_backend_limit_sessions > 0
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy backend max active session > 80% (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Session limit from backend {{ `{{ $labels.proxy }}` }} reached 80% of limit - {{ `{{ $value | printf \"%.2f\"}}` }}%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyPendingRequests
|
||||
expr: sum by (proxy) (haproxy_backend_current_queue) > 0
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy pending requests (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Some HAProxy requests are pending on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyRetryHigh
|
||||
expr: sum by (proxy) (rate(haproxy_backend_retry_warnings_total[1m])) > 10
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy retry high (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "High rate of retry on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyFrontendSecurityBlockedRequests
|
||||
expr: sum by (proxy) (rate(haproxy_frontend_denied_connections_total[2m])) > 10
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy frontend security blocked requests (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "HAProxy is blocking requests for security reason\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyServerHealthcheckFailure
|
||||
expr: increase(haproxy_server_check_failures_total[1m]) > 2
|
||||
for: 0m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy server healthcheck failure (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Some server healthcheck are failing on {{ `{{ $labels.server }}` }} ({{ `{{ $value }}` }} in the last 1m)\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
@@ -91,7 +91,7 @@ argo-cd:
|
||||
enabled: true
|
||||
image:
|
||||
repository: redis
|
||||
tag: 8.6.3-alpine@sha256:69f2c586c8a7e9cce4ae1ee9bbaf60bc4bb5f4bb3880e4ed022b1fd758a7cab9
|
||||
tag: 8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72
|
||||
persistentVolume:
|
||||
enabled: true
|
||||
redis:
|
||||
@@ -103,7 +103,7 @@ argo-cd:
|
||||
enabled: true
|
||||
image:
|
||||
repository: haproxy
|
||||
tag: 3.3.10-alpine@sha256:3201152205e9d02557ab3c8ecfcf0d378126eec0a5d1b0950ea22af31ee10bf2
|
||||
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
|
||||
resources:
|
||||
requests:
|
||||
cpu: 5m
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
digest: sha256:1301152734c6f4df67089c4076875022ecafc466c308dc994f4333917c3d8622
|
||||
generated: "2026-05-15T00:28:34.959229494Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:7ee4cfdf7f908401c39b3cda0cf8783b25dcb9cf93e7c911609bab9e303ec5bf
|
||||
generated: "2026-03-06T01:05:03.534042627Z"
|
||||
|
||||
@@ -21,15 +21,15 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: audiobookshelf
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-metadata
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
|
||||
appVersion: 2.35.0
|
||||
appVersion: 2.33.2
|
||||
|
||||
@@ -15,13 +15,9 @@ spec:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
ntfy-url: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}"
|
||||
ntfy-url: "{{ `{{ .endpoint }}` }}/audiobookshelf"
|
||||
data:
|
||||
- secretKey: endpoint
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
property: internal-endpoint-credential
|
||||
- secretKey: topic
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/topics
|
||||
property: audiobookshelf
|
||||
|
||||
@@ -12,7 +12,7 @@ audiobookshelf:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/advplyr/audiobookshelf
|
||||
tag: 2.35.0@sha256:89276ff2e0b3d2f07dd334b641f27a34ab7f02e1047c60b7b8a30126cb0813a5
|
||||
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -23,7 +23,7 @@ audiobookshelf:
|
||||
apprise-api:
|
||||
image:
|
||||
repository: ghcr.io/caronc/apprise
|
||||
tag: v1.4.1@sha256:25e0577915c2f06233ae1dce077f05c0fc9ba4f0ea89de5aee18a32b2ee9a75c
|
||||
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -129,21 +129,21 @@ volsync-target-config:
|
||||
pvcTarget: audiobookshelf-config
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 5 8 * * *
|
||||
schedule: 2 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 5 10 * * 0
|
||||
schedule: 2 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 5 9 * * 0
|
||||
schedule: 2 10 * * *
|
||||
volsync-target-metadata:
|
||||
pvcTarget: audiobookshelf-metadata
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 10 8 * * *
|
||||
schedule: 4 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 10 10 * * 0
|
||||
schedule: 4 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 10 9 * * 0
|
||||
schedule: 4 10 * * *
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
dependencies:
|
||||
- name: authentik
|
||||
repository: https://charts.goauthentik.io/
|
||||
version: 2026.2.3
|
||||
version: 2026.2.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 3.3.1
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.15.0
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:df192f903f1bcb7c8882b65b697ab457301c8eced1fdebc56580e4a76039910e
|
||||
generated: "2026-05-18T19:56:17.91252-05:00"
|
||||
version: 0.6.1
|
||||
digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d
|
||||
generated: "2026-04-13T20:32:12.748342469Z"
|
||||
|
||||
@@ -18,18 +18,18 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: authentik
|
||||
version: 2026.2.3
|
||||
version: 2026.2.2
|
||||
repository: https://charts.goauthentik.io/
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 3.3.1
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.15.0
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.8.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
|
||||
# renovate: datasource=github-releases depName=goauthentik/authentik
|
||||
|
||||
@@ -5,8 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
spec:
|
||||
@@ -25,4 +25,4 @@ spec:
|
||||
service:
|
||||
name: authentik-server
|
||||
port:
|
||||
name: http
|
||||
number: 80
|
||||
|
||||
@@ -77,6 +77,10 @@ authentik:
|
||||
enabled: true
|
||||
postgres-18-cluster:
|
||||
mode: recovery
|
||||
cluster:
|
||||
resources:
|
||||
requests:
|
||||
memory: 150Mi
|
||||
recovery:
|
||||
method: objectStore
|
||||
objectStore:
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
digest: sha256:099e7a9792fceb0cbce4c13e997c5029af39807da6e5c9825a1a042b785e0887
|
||||
generated: "2026-05-15T00:28:48.302596135Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:f203538010828e77336f3cf39451a1072c90aeb8ece7c173a3476c49883b46d1
|
||||
generated: "2026-03-06T01:05:24.935421139Z"
|
||||
|
||||
@@ -17,15 +17,15 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: backrest
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
|
||||
# renovate: datasource=github-releases depName=garethgeorge/backrest
|
||||
appVersion: v1.13.0
|
||||
appVersion: v1.12.1
|
||||
|
||||
@@ -8,7 +8,7 @@ backrest:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/garethgeorge/backrest
|
||||
tag: v1.13.0@sha256:9c9966b5c285ec791a6b06cb4545fa0247424d05442e12f9558b4322d9f8a15f
|
||||
tag: v1.12.1@sha256:f4d34bd6fa985d13bdb6c01c5d8727e07708899afa9567d800808357d77b9fb0
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -115,21 +115,21 @@ volsync-target-data:
|
||||
pvcTarget: backrest-data
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 15 8 * * *
|
||||
schedule: 6 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 15 10 * * 0
|
||||
schedule: 6 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 15 9 * * 0
|
||||
schedule: 6 10 * * *
|
||||
volsync-target-config:
|
||||
pvcTarget: backrest-config
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 20 8 * * *
|
||||
schedule: 8 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 20 10 * * 0
|
||||
schedule: 8 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 20 9 * * 0
|
||||
schedule: 8 10 * * *
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
digest: sha256:bcced6d5e69265581b976c3e0426cc1330e36109255ce34533ef0d9b991054a5
|
||||
generated: "2026-05-15T00:29:00.968381514Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:ce88e4cd451613c9dbc25d285700970789ff678452ef277f3c8465dbf6157f1f
|
||||
generated: "2026-03-06T01:05:44.405374459Z"
|
||||
|
||||
@@ -21,10 +21,10 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: bazarr
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr
|
||||
|
||||
@@ -112,10 +112,10 @@ volsync-target-config:
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 25 8 * * *
|
||||
schedule: 10 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 25 10 * * 0
|
||||
schedule: 10 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 25 9 * * 0
|
||||
schedule: 10 10 * * *
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:adbf5c062f0be520b579854a9ec75e6932b472508d9b1ec7277bacc3940c20e9
|
||||
generated: "2026-05-15T00:29:14.40707075Z"
|
||||
version: 0.6.1
|
||||
digest: sha256:6ed3a7587906fbda581d0091ff2c29a1816b8b0b8ae40add9885e6a68b2b82ae
|
||||
generated: "2026-04-13T20:32:34.844998902Z"
|
||||
|
||||
@@ -17,11 +17,11 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: blocky
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.8.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
|
||||
# renovate: datasource=github-releases depName=0xerr0r/blocky
|
||||
appVersion: v0.30.0
|
||||
appVersion: v0.29.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -8,7 +8,7 @@ blocky:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/0xerr0r/blocky
|
||||
tag: v0.30.0@sha256:d9f15eddffedded40797406349012cbd5966ef99c286b13321e7a76efddb9bdc
|
||||
tag: v0.29.0@sha256:a6d99f323d3036a99a3767a52ad612f4d8f3f31167492bfc14d4ea57b24cdfd0
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -134,7 +134,7 @@ blocky:
|
||||
komodo IN CNAME traefik-cl01tl
|
||||
languagetool IN CNAME traefik-cl01tl
|
||||
lidarr IN CNAME traefik-cl01tl
|
||||
loki IN CNAME traefik-cl01tl
|
||||
mail IN CNAME traefik-cl01tl
|
||||
medialyze IN CNAME traefik-cl01tl
|
||||
music-grabber IN CNAME traefik-cl01tl
|
||||
navidrome IN CNAME traefik-cl01tl
|
||||
@@ -162,6 +162,7 @@ blocky:
|
||||
sonarr-4k IN CNAME traefik-cl01tl
|
||||
sonarr-anime IN CNAME traefik-cl01tl
|
||||
sparkyfitness IN CNAME traefik-cl01tl
|
||||
stalwart IN CNAME traefik-cl01tl
|
||||
tdarr IN CNAME traefik-cl01tl
|
||||
tubearchivist IN CNAME traefik-cl01tl
|
||||
vault IN CNAME traefik-cl01tl
|
||||
|
||||
@@ -1,44 +0,0 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: cert-manager
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: cert-manager
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
groups:
|
||||
- name: EmbeddedExporter
|
||||
rules:
|
||||
- alert: Cert-ManagerAbsent
|
||||
expr: absent(up{job="cert-manager"})
|
||||
for: 10m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: Cert-Manager absent (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Cert-Manager has disappeared from Prometheus service discovery. New certificates will not be able to be minted, and existing ones can't be renewed until cert-manager is back.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: Cert-ManagerCertificateExpiringSoon
|
||||
expr: avg by (exported_namespace, namespace, name) (certmanager_certificate_expiration_timestamp_seconds - time()) < (21 * 24 * 3600)
|
||||
for: 1h
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Cert-Manager certificate expiring soon (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "The certificate {{ `{{ $labels.name }}` }} is expiring in less than 21 days.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: Cert-ManagerCertificateNotReady
|
||||
expr: max by (name, exported_namespace, namespace, condition) (certmanager_certificate_ready_status{condition!="True"} == 1)
|
||||
for: 10m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: Cert-Manager certificate not ready (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "The certificate {{ `{{ $labels.name }}` }} in namespace {{ `{{ $labels.exported_namespace }}` }} is not ready to serve traffic.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: Cert-ManagerHittingACMERateLimits
|
||||
expr: sum by (host) (rate(certmanager_acme_client_request_count{status="429"}[5m])) > 0
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: Cert-Manager hitting ACME rate limits (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Cert-Manager is being rate-limited by the ACME provider. Certificate issuance and renewal may be blocked for up to a week.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: cilium
|
||||
repository: https://helm.cilium.io/
|
||||
version: 1.18.9
|
||||
digest: sha256:f7d127bed9b2c9154f25ffdc36ef7477ac8c8b12aeb92c5f4c20be5abd49ec11
|
||||
generated: "2026-05-10T19:25:36.71023-05:00"
|
||||
version: 1.18.6
|
||||
digest: sha256:8ea328ac238524b5b423e6289f5e25d05ef64e6aa19cfd5de238f1d5dd533e9b
|
||||
generated: "2026-02-05T12:00:20.15778-06:00"
|
||||
|
||||
@@ -14,8 +14,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: cilium
|
||||
version: 1.18.9
|
||||
version: 1.18.6
|
||||
repository: https://helm.cilium.io/
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
|
||||
# renovate: datasource=github-releases depName=cilium/cilium
|
||||
appVersion: 1.18.9
|
||||
appVersion: 1.18.6
|
||||
|
||||
@@ -10,3 +10,18 @@ spec:
|
||||
blocks:
|
||||
- start: "10.232.1.21"
|
||||
stop: "10.232.1.23"
|
||||
|
||||
---
|
||||
apiVersion: cilium.io/v2
|
||||
kind: CiliumLoadBalancerIPPool
|
||||
metadata:
|
||||
name: bgp-ip-pool
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bgp-ip-pool
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
blocks:
|
||||
- start: "10.232.2.100"
|
||||
stop: "10.232.2.200"
|
||||
disabled: true
|
||||
|
||||
@@ -20,6 +20,8 @@ spec:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- kind: Service
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: hubble-ui
|
||||
port: 80
|
||||
weight: 100
|
||||
|
||||
@@ -25,14 +25,20 @@ cilium:
|
||||
- NET_ADMIN
|
||||
- SYS_ADMIN
|
||||
- SYS_RESOURCE
|
||||
bgpControlPlane:
|
||||
enabled: false
|
||||
bpf:
|
||||
hostLegacyRouting: true
|
||||
masquerade: false
|
||||
devices: end0 enp6s0
|
||||
ciliumEndpointSlice:
|
||||
enabled: true
|
||||
gatewayAPI:
|
||||
enabled: false
|
||||
enabled: true
|
||||
enableAppProtocol: true
|
||||
enableAlpn: true
|
||||
secretsNamespace:
|
||||
create: false
|
||||
name: kube-system
|
||||
socketLB:
|
||||
enabled: true
|
||||
hostNamespaceOnly: true
|
||||
|
||||
@@ -1,15 +1,9 @@
|
||||
dependencies:
|
||||
- name: cloudnative-pg
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
version: 0.28.2
|
||||
version: 0.28.0
|
||||
- name: plugin-barman-cloud
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
version: 0.6.0
|
||||
- name: rclone-bucket
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.11.4
|
||||
- name: rclone-bucket
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.11.4
|
||||
digest: sha256:35ff1bb60552f176dab2055a17c0e8880cc6b6c7bfa6c64415a1eec421f8723f
|
||||
generated: "2026-05-18T02:14:30.999705779Z"
|
||||
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
|
||||
generated: "2026-04-14T09:03:10.332065288Z"
|
||||
|
||||
@@ -13,24 +13,15 @@ sources:
|
||||
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
|
||||
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
|
||||
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: cloudnative-pg
|
||||
version: 0.28.2
|
||||
version: 0.28.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
- name: plugin-barman-cloud
|
||||
version: 0.6.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
- name: rclone-bucket
|
||||
alias: rclone-postgres-backups-remote
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.11.4
|
||||
- name: rclone-bucket
|
||||
alias: rclone-postgres-backups-external
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.11.4
|
||||
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
|
||||
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
|
||||
appVersion: 1.29.1
|
||||
appVersion: 1.29.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -14,61 +14,3 @@ plugin-barman-cloud:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 20Mi
|
||||
rclone-postgres-backups-remote:
|
||||
nameOverride: postgres-backups-remote-rclone
|
||||
cronJob:
|
||||
suspend: false
|
||||
schedule: 30 6 * * 1
|
||||
rclone:
|
||||
source:
|
||||
bucketName: postgres-backups
|
||||
destination:
|
||||
bucketName: postgres-backups
|
||||
prune:
|
||||
enabled: true
|
||||
ageToPrune: 45d
|
||||
include: "/cl01tl/*/*/*/base/**"
|
||||
exclude: "**/walls/**"
|
||||
secret:
|
||||
externalSecret:
|
||||
source:
|
||||
credentials:
|
||||
path: /garage/home-infra/postgres-backups
|
||||
config:
|
||||
path: /garage/config
|
||||
destination:
|
||||
credentials:
|
||||
path: /garage/home-infra/postgres-backups
|
||||
config:
|
||||
path: /garage/config
|
||||
rclone-postgres-backups-external:
|
||||
nameOverride: postgres-backups-external-rclone
|
||||
cronJob:
|
||||
suspend: false
|
||||
schedule: 0 6 * * 1
|
||||
rclone:
|
||||
source:
|
||||
bucketName: postgres-backups
|
||||
destination:
|
||||
bucketName: postgres-backups-775957147abfbc73
|
||||
prune:
|
||||
enabled: true
|
||||
ageToPrune: 14d
|
||||
include: "/cl01tl/*/*/*/base/**"
|
||||
exclude: "**/walls/**"
|
||||
secret:
|
||||
externalSecret:
|
||||
source:
|
||||
credentials:
|
||||
path: /garage/home-infra/postgres-backups
|
||||
config:
|
||||
path: /garage/config
|
||||
destination:
|
||||
credentials:
|
||||
path: /backblaze/home-infra/postgres-backups
|
||||
keyIdProperty: AWS_ACCESS_KEY_ID
|
||||
secretKeyProperty: AWS_SECRET_ACCESS_KEY
|
||||
regionProperty: AWS_REGION
|
||||
config:
|
||||
path: /backblaze/config
|
||||
endpointProperty: ENDPOINT
|
||||
|
||||
@@ -8,7 +8,6 @@ keywords:
|
||||
home: https://docs.alexlebens.dev/applications/coredns/
|
||||
sources:
|
||||
- https://github.com/coredns/coredns
|
||||
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fcoredns%2Fcoredns
|
||||
- https://github.com/coredns/helm
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
@@ -18,4 +17,4 @@ dependencies:
|
||||
repository: https://coredns.github.io/helm
|
||||
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png
|
||||
# renovate: datasource=github-releases depName=coredns/coredns
|
||||
appVersion: v1.14.3
|
||||
appVersion: v1.14.2
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,7 +1,7 @@
|
||||
coredns:
|
||||
image:
|
||||
repository: coredns/coredns
|
||||
tag: 1.14.3@sha256:b21d26b915e10acb5bc78715c1e8b6047ab2675389b2bcc18b3a6499d90e74c0
|
||||
repository: registry.k8s.io/coredns/coredns
|
||||
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9
|
||||
replicaCount: 3
|
||||
resources:
|
||||
limits:
|
||||
|
||||
@@ -1,21 +1,21 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.15.0
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
digest: sha256:2463c5c7f9d43539f2f0bda9a59ce391d6c45e328b8a7cbfeae2991128983978
|
||||
generated: "2026-05-18T19:56:49.128641-05:00"
|
||||
version: 0.8.0
|
||||
digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587
|
||||
generated: "2026-04-13T20:32:54.380897459Z"
|
||||
|
||||
@@ -19,27 +19,27 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: dawarich
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.15.0
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.8.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-storage
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-public
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-watched
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
|
||||
# renovate: datasource=github-releases depName=Freika/dawarich
|
||||
appVersion: 1.7.8
|
||||
appVersion: 1.6.1
|
||||
|
||||
@@ -15,18 +15,6 @@ spec:
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/key
|
||||
property: key
|
||||
- secretKey: otp-primary-key
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/key
|
||||
property: otp-primary-key
|
||||
- secretKey: otp-deterministic-key
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/key
|
||||
property: otp-deterministic-key
|
||||
- secretKey: otp-derivation-salt
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/key
|
||||
property: otp-derivation-salt
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
@@ -50,26 +38,3 @@ spec:
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-metrics-credentials
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-metrics-credentials
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: user
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/metrics
|
||||
property: user
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/metrics
|
||||
property: password
|
||||
|
||||
@@ -8,7 +8,7 @@ dawarich:
|
||||
main:
|
||||
image:
|
||||
repository: freikin/dawarich
|
||||
tag: 1.7.8@sha256:dea326d03e728cd3b8d051b72d293cf375d0db6c00e22c55f338daedfdfdb3a4
|
||||
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
|
||||
command:
|
||||
- "web-entrypoint.sh"
|
||||
args:
|
||||
@@ -78,36 +78,11 @@ dawarich:
|
||||
value: 0.0.0.0
|
||||
- name: PROMETHEUS_EXPORTER_PORT
|
||||
value: 9394
|
||||
- name: METRICS_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-metrics-credentials
|
||||
key: user
|
||||
- name: METRICS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-metrics-credentials
|
||||
key: password
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: key
|
||||
- name: OTP_ENCRYPTION_PRIMARY_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-primary-key
|
||||
- name: OTP_ENCRYPTION_DETERMINISTIC_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-deterministic-key
|
||||
- name: OTP_ENCRYPTION_KEY_DERIVATION_SALT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-derivation-salt
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
- name: SELF_HOSTED
|
||||
@@ -136,7 +111,7 @@ dawarich:
|
||||
sidekiq:
|
||||
image:
|
||||
repository: freikin/dawarich
|
||||
tag: 1.7.8@sha256:dea326d03e728cd3b8d051b72d293cf375d0db6c00e22c55f338daedfdfdb3a4
|
||||
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
|
||||
command:
|
||||
- "sidekiq-entrypoint.sh"
|
||||
args:
|
||||
@@ -186,12 +161,12 @@ dawarich:
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: client
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: secret
|
||||
- name: OIDC_PROVIDER_NAME
|
||||
value: Authentik
|
||||
@@ -203,36 +178,11 @@ dawarich:
|
||||
value: 0.0.0.0
|
||||
- name: PROMETHEUS_EXPORTER_PORT
|
||||
value: 9394
|
||||
- name: METRICS_USERNAME
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-metrics-credentials
|
||||
key: user
|
||||
- name: METRICS_PASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-metrics-credentials
|
||||
key: password
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
name: dawarich-key-secret
|
||||
key: key
|
||||
- name: OTP_ENCRYPTION_PRIMARY_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-primary-key
|
||||
- name: OTP_ENCRYPTION_DETERMINISTIC_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-deterministic-key
|
||||
- name: OTP_ENCRYPTION_KEY_DERIVATION_SALT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-derivation-salt
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
- name: SELF_HOSTED
|
||||
@@ -276,13 +226,6 @@ dawarich:
|
||||
interval: 30s
|
||||
scrapeTimeout: 15s
|
||||
path: /metrics
|
||||
basicAuth:
|
||||
password:
|
||||
name: dawarich-metrics-credentials
|
||||
key: password
|
||||
username:
|
||||
name: dawarich-metrics-credentials
|
||||
key: user
|
||||
route:
|
||||
main:
|
||||
kind: HTTPRoute
|
||||
@@ -374,32 +317,32 @@ volsync-target-storage:
|
||||
pvcTarget: dawarich-storage
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 30 8 * * *
|
||||
schedule: 6 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 30 10 * * 0
|
||||
schedule: 6 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 30 9 * * 0
|
||||
schedule: 6 10 * * *
|
||||
volsync-target-public:
|
||||
pvcTarget: dawarich-public
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 35 8 * * *
|
||||
schedule: 8 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 35 10 * * 0
|
||||
schedule: 8 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 35 9 * * 0
|
||||
schedule: 8 10 * * *
|
||||
volsync-target-watched:
|
||||
pvcTarget: dawarich-watched
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 40 8 * * *
|
||||
schedule: 8 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 40 10 * * 0
|
||||
schedule: 8 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 40 9 * * 0
|
||||
schedule: 8 10 * * *
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,15 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: synology-iscsi-config
|
||||
name: synology-iscsi-config-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: synology-iscsi-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: synology-iscsi-config-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: driver-config-file.yaml
|
||||
remoteRef:
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Release.Namespace }}
|
||||
name: democratic-csi-synology-iscsi
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Namespace }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: democratic-csi-synology-iscsi
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
|
||||
@@ -3,7 +3,7 @@ democratic-csi:
|
||||
image:
|
||||
registry: ghcr.io/democratic-csi/democratic-csi
|
||||
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
|
||||
existingConfigSecret: synology-iscsi-config
|
||||
existingConfigSecret: synology-iscsi-config-secret
|
||||
config:
|
||||
driver: synology-iscsi
|
||||
resources:
|
||||
@@ -47,8 +47,6 @@ democratic-csi:
|
||||
fsType: ext4
|
||||
node:
|
||||
hostPID: true
|
||||
rbac:
|
||||
enabled: true
|
||||
driver:
|
||||
extraEnv:
|
||||
- name: ISCSIADM_HOST_STRATEGY
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -10,7 +10,7 @@ descheduler:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 50Mi
|
||||
deschedulingInterval: 2m
|
||||
deschedulingInterval: 5m
|
||||
replicas: 3
|
||||
leaderElection:
|
||||
enabled: true
|
||||
@@ -51,13 +51,13 @@ descheduler:
|
||||
- name: LowNodeUtilization
|
||||
args:
|
||||
thresholds:
|
||||
cpu: 30
|
||||
memory: 30
|
||||
pods: 30
|
||||
cpu: 20
|
||||
memory: 20
|
||||
pods: 20
|
||||
targetThresholds:
|
||||
cpu: 45
|
||||
memory: 45
|
||||
pods: 45
|
||||
cpu: 50
|
||||
memory: 50
|
||||
pods: 60
|
||||
plugins:
|
||||
balance:
|
||||
enabled:
|
||||
|
||||
@@ -1,18 +1,12 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.15.0
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
- name: rclone-bucket
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.11.4
|
||||
- name: rclone-bucket
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.11.4
|
||||
digest: sha256:984ca917152c95f2e7f0cd9467a952f24adc0c53f5fc521c2f0395174ec9aab7
|
||||
generated: "2026-05-19T16:29:28.911319575Z"
|
||||
version: 0.6.1
|
||||
digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329
|
||||
generated: "2026-04-13T20:33:13.909018545Z"
|
||||
|
||||
@@ -5,37 +5,28 @@ description: Directus
|
||||
keywords:
|
||||
- directus
|
||||
- content-management-system
|
||||
home: https://docs.alexlebens.dev/applications/directus/
|
||||
home: https://docs.alexlebens.dev/applications/descheduler/
|
||||
sources:
|
||||
- https://github.com/directus/directus
|
||||
- https://github.com/directus/directus/pkgs/container/directus
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: app-template
|
||||
alias: directus
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.15.0
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.8.0
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: rclone-bucket
|
||||
alias: rclone-directus-assets-remote
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.11.4
|
||||
- name: rclone-bucket
|
||||
alias: rclone-directus-assets-external
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.11.4
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
|
||||
# renovate: datasource=github-releases depName=directus/directus
|
||||
appVersion: 11.17.4
|
||||
appVersion: 11.17.3
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,20 +5,13 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/key
|
||||
property: key
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/key
|
||||
property: secret
|
||||
- secretKey: admin-email
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
@@ -27,6 +20,38 @@ spec:
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: admin-password
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: secret
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /authentik/oidc/directus
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /authentik/oidc/directus
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
@@ -36,67 +61,18 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-metric-token
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: metric-token
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/metrics
|
||||
property: metric-token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-valkey-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-valkey-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: user
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: user
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
- secretKey: default
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/directus
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/directus
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
@@ -105,11 +81,12 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-bucket-garage
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
@@ -123,3 +100,31 @@ spec:
|
||||
remoteRef:
|
||||
key: /garage/home-infra/directus-assets
|
||||
property: ACCESS_REGION
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-valkey-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-valkey-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: default
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
- secretKey: user
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: user
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
|
||||
@@ -8,7 +8,7 @@ directus:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/directus/directus
|
||||
tag: 11.17.4@sha256:eb326f679ae847c0a776f93b972761dc2ebe84980e0b9d274a6bc31cd62809f7
|
||||
tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5
|
||||
env:
|
||||
- name: PUBLIC_URL
|
||||
value: https://directus.alexlebens.net
|
||||
@@ -113,12 +113,12 @@ directus:
|
||||
- name: AUTH_AUTHENTIK_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-oidc-authentik
|
||||
name: directus-oidc-secret
|
||||
key: OIDC_CLIENT_ID
|
||||
- name: AUTH_AUTHENTIK_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-oidc-authentik
|
||||
name: directus-oidc-secret
|
||||
key: OIDC_CLIENT_SECRET
|
||||
- name: AUTH_AUTHENTIK_SCOPE
|
||||
value: openid profile email
|
||||
@@ -210,48 +210,7 @@ valkey:
|
||||
aclUsers:
|
||||
default:
|
||||
permissions: "~* &* +@all"
|
||||
rclone-directus-assets-remote:
|
||||
nameOverride: directus-assets-remote-rclone
|
||||
cronJob:
|
||||
suspend: false
|
||||
schedule: 30 6 * * 2
|
||||
rclone:
|
||||
source:
|
||||
bucketName: directus-assets
|
||||
destination:
|
||||
bucketName: directus-assets
|
||||
secret:
|
||||
externalSecret:
|
||||
source:
|
||||
credentials:
|
||||
path: /garage/home-infra/directus-assets
|
||||
config:
|
||||
path: /garage/config
|
||||
destination:
|
||||
credentials:
|
||||
path: /garage/home-infra/directus-assets
|
||||
config:
|
||||
path: /garage/config
|
||||
rclone-directus-assets-external:
|
||||
nameOverride: directus-assets-external-rclone
|
||||
cronJob:
|
||||
suspend: false
|
||||
schedule: 0 6 * * 2
|
||||
rclone:
|
||||
source:
|
||||
bucketName: directus-assets
|
||||
destination:
|
||||
bucketName: directus-assets-37363a16b71dc59b
|
||||
secret:
|
||||
externalSecret:
|
||||
source:
|
||||
credentials:
|
||||
path: /garage/home-infra/directus-assets
|
||||
config:
|
||||
path: /garage/config
|
||||
destination:
|
||||
credentials:
|
||||
path: /backblaze/home-infra/directus-assets
|
||||
config:
|
||||
path: /backblaze/config
|
||||
endpointProperty: ENDPOINT
|
||||
# No option to configure metrics when auth is enabled
|
||||
# https://github.com/valkey-io/valkey-helm/issues/135
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: eck-operator
|
||||
repository: https://helm.elastic.co
|
||||
version: 3.4.0
|
||||
digest: sha256:b4787630154471f65ceeb12f65fa24616eab9470e61e089b8e656e42f05f74f1
|
||||
generated: "2026-05-06T19:10:32.416627028Z"
|
||||
version: 3.3.2
|
||||
digest: sha256:ac7a849a6d8244ef56c11f18438c4c76133f92d245228c5a1c8369d42562c177
|
||||
generated: "2026-04-01T21:30:02.975920565Z"
|
||||
|
||||
@@ -14,8 +14,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: eck-operator
|
||||
version: 3.4.0
|
||||
version: 3.3.2
|
||||
repository: https://helm.elastic.co
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png
|
||||
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s
|
||||
appVersion: v3.4.0
|
||||
appVersion: v3.3.2
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,5 +1,6 @@
|
||||
eck-operator:
|
||||
managedNamespaces:
|
||||
- stalwart
|
||||
- tubearchivist
|
||||
installCRDs: true
|
||||
replicaCount: 2
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
dependencies:
|
||||
- name: element-web
|
||||
repository: https://ananace.gitlab.io/charts
|
||||
version: 1.4.36
|
||||
version: 1.4.34
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 3.3.1
|
||||
digest: sha256:37a41dfedd352f4122d78d17f4f3b7a703055553c45983bca0aa377cdd599fa2
|
||||
generated: "2026-05-18T02:02:39.83645496Z"
|
||||
version: 2.5.0
|
||||
digest: sha256:8640b8a250bdcd9e7561e3d28538ccf4644a7159a035ee0a5fdbcf71dc5b2bbe
|
||||
generated: "2026-04-10T01:17:19.932208699Z"
|
||||
|
||||
@@ -15,11 +15,11 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: element-web
|
||||
version: 1.4.36
|
||||
version: 1.4.34
|
||||
repository: https://ananace.gitlab.io/charts
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 3.3.1
|
||||
version: 2.5.0
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
|
||||
# renovate: datasource=github-releases depName=element-hq/element-web
|
||||
appVersion: v1.12.18
|
||||
appVersion: v1.12.15
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -2,7 +2,7 @@ element-web:
|
||||
replicaCount: 1
|
||||
image:
|
||||
repository: ghcr.io/element-hq/element-web
|
||||
tag: v1.12.18@sha256:c21772a1eabeededa19be591343f548995e458ec34ba8f27425ae923c10af82e
|
||||
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed
|
||||
defaultServer:
|
||||
url: https://matrix.alexlebens.dev
|
||||
name: alexlebens.dev
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 1.4.1
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
digest: sha256:70822dce88f0eb843477b28caa6f738d38a6436e6e3a99b0003e3e1da69b8ed9
|
||||
generated: "2026-05-15T00:29:53.572114523Z"
|
||||
version: 4.6.2
|
||||
digest: sha256:8414813d3d9d195b16ef7ebf814f7095a16413f4b0e579fcb37738000624f68c
|
||||
generated: "2026-04-08T21:39:05.689756-05:00"
|
||||
|
||||
@@ -21,7 +21,7 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: eraser-metrics
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
|
||||
# renovate: datasource=github-releases depName=eraser-dev/eraser
|
||||
appVersion: v1.4.1
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -44,13 +44,11 @@ eraser-metrics:
|
||||
type: deployment
|
||||
replicas: 1
|
||||
strategy: Recreate
|
||||
serviceAccount:
|
||||
name: eraser-metrics
|
||||
containers:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
|
||||
tag: 0.152.0@sha256:f358f8028c6eb44f765444de1c8899b4f97d7ba54be5264a8753f2c182bc5757
|
||||
tag: 0.150.1@sha256:618f7867e49fdb173d9b46d535b01f82254b0b14beac6ab1f6f2eb8cf62c5d42
|
||||
command:
|
||||
- /otelcol
|
||||
- --config=/conf/otel-collector-config.yaml
|
||||
@@ -85,9 +83,6 @@ eraser-metrics:
|
||||
- otlp
|
||||
exporters:
|
||||
- prometheus
|
||||
serviceAccount:
|
||||
eraser:
|
||||
enabled: true
|
||||
service:
|
||||
main:
|
||||
controller: main
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
digest: sha256:a8a769a74eddcce81dd9c5740ad124125ebfc1a291332c8ed10c0bdc5230a7b4
|
||||
generated: "2026-05-15T00:30:12.00717252Z"
|
||||
version: 4.6.2
|
||||
digest: sha256:e05d84dd266b8b456a8bc7f9a2bb3ab01f4ac926efd1a58cf405b0cdab343d3f
|
||||
generated: "2026-01-17T18:27:08.062835-06:00"
|
||||
|
||||
@@ -5,7 +5,7 @@ description: Excalidraw
|
||||
keywords:
|
||||
- excalidraw
|
||||
- drawing
|
||||
home: https://docs.alexlebens.dev/applications/excalidraw/
|
||||
home: https://docs.alexlebens.dev/applications/eraser/
|
||||
sources:
|
||||
- https://github.com/excalidraw/excalidraw
|
||||
- https://hub.docker.com/r/excalidraw/excalidraw
|
||||
@@ -16,7 +16,7 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: excalidraw
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/excalidraw.png
|
||||
# renovate: datasource=github-releases depName=excalidraw/excalidraw
|
||||
appVersion: v0.18.1
|
||||
appVersion: v0.18.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -8,7 +8,7 @@ excalidraw:
|
||||
main:
|
||||
image:
|
||||
repository: excalidraw/excalidraw
|
||||
tag: latest@sha256:f7ee194addd607bf831d2af0f0a34463dd4225e426cf35199ef0b12a803398e9
|
||||
tag: latest@sha256:20ffa04668e19616bb0c1b3632849e5cd96e0bc7a1336b73d9d072667f2c2854
|
||||
env:
|
||||
- name: NODE_ENV
|
||||
value: production
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: external-dns
|
||||
repository: https://kubernetes-sigs.github.io/external-dns/
|
||||
version: 1.21.1
|
||||
digest: sha256:c0fc34e2a1fd5a100043c2e22130a3a7910019b655c5e69a50424562f4322f5d
|
||||
generated: "2026-05-01T02:29:38.018973854Z"
|
||||
version: 1.20.0
|
||||
digest: sha256:0da4dec408239ea48de1d95fa8ad7701c4fdc0efe67baa8743507c75e62e2a47
|
||||
generated: "2026-01-03T23:04:25.142170083Z"
|
||||
|
||||
@@ -5,7 +5,7 @@ description: External DNS
|
||||
keywords:
|
||||
- external-dns
|
||||
- dns
|
||||
home: https://docs.alexlebens.dev/applications/external-dns/
|
||||
home: https://docs.alexlebens.dev/applications/eraser/
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/external-dns
|
||||
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns
|
||||
@@ -16,7 +16,7 @@ maintainers:
|
||||
dependencies:
|
||||
- name: external-dns
|
||||
alias: external-dns-unifi
|
||||
version: 1.21.1
|
||||
version: 1.20.0
|
||||
repository: https://kubernetes-sigs.github.io/external-dns/
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
|
||||
# renovate: datasource=github-releases depName=kubernetes-sigs/external-dns
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-device-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Unifi UDM
|
||||
@@ -47,7 +48,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: iot-device-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Airgradient
|
||||
@@ -80,18 +82,6 @@ spec:
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.100
|
||||
# HD Homerun
|
||||
- dnsName: dv01hr.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.72
|
||||
# Pi KVM
|
||||
- dnsName: dv02kv.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.71
|
||||
|
||||
---
|
||||
apiVersion: externaldns.k8s.io/v1alpha1
|
||||
@@ -101,7 +91,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: server-host-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Unifi Gateway
|
||||
@@ -134,18 +125,6 @@ spec:
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.52
|
||||
# Desktop
|
||||
- dnsName: pd05wd.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.115
|
||||
# Laptop
|
||||
- dnsName: pl02mc.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.105
|
||||
|
||||
---
|
||||
apiVersion: externaldns.k8s.io/v1alpha1
|
||||
@@ -155,7 +134,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: cluster-service-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Treafik Proxy
|
||||
|
||||
@@ -5,13 +5,14 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns-unifi-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: api-key
|
||||
remoteRef:
|
||||
key: /unifi/users/cl01tl
|
||||
key: /unifi/auth/cl01tl
|
||||
property: api-key
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: external-secrets
|
||||
repository: https://charts.external-secrets.io
|
||||
version: 2.5.0
|
||||
digest: sha256:8aa24d4e44c2d9ff6a88a4d126ca3ae6ec2e960b87e9a34a2862e7dca157404f
|
||||
generated: "2026-05-15T16:12:48.985351129Z"
|
||||
version: 2.3.0
|
||||
digest: sha256:fedb79c937be24d4bb72f665122b468b445de95f3f02de419903e3136186e42f
|
||||
generated: "2026-04-10T15:10:52.488487421Z"
|
||||
|
||||
@@ -14,8 +14,8 @@ sources:
|
||||
dependencies:
|
||||
- name: external-secrets
|
||||
alias: external-secrets
|
||||
version: 2.5.0
|
||||
version: 2.3.0
|
||||
repository: https://charts.external-secrets.io
|
||||
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
|
||||
# renovate: datasource=github-releases depName=external-secrets/external-secrets
|
||||
appVersion: vv2.5.0
|
||||
appVersion: v2.3.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,12 +5,13 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-secrets
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -1,11 +1,33 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: vault
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: vault
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
server: http://vault-internal.vault:8200
|
||||
path: secret
|
||||
auth:
|
||||
tokenSecretRef:
|
||||
namespace: vault
|
||||
name: vault-token
|
||||
key: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
@@ -17,7 +39,7 @@ spec:
|
||||
mountPath: kubernetes
|
||||
role: external-secrets
|
||||
serviceAccountRef:
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Name }}
|
||||
audiences:
|
||||
- openbao
|
||||
|
||||
@@ -2,7 +2,7 @@ external-secrets:
|
||||
replicaCount: 3
|
||||
image:
|
||||
repository: ghcr.io/external-secrets/external-secrets
|
||||
tag: v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||
installCRDs: true
|
||||
crds:
|
||||
createClusterExternalSecret: true
|
||||
@@ -29,7 +29,7 @@ external-secrets:
|
||||
webhook:
|
||||
image:
|
||||
repository: ghcr.io/external-secrets/external-secrets
|
||||
tag: v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
@@ -37,7 +37,7 @@ external-secrets:
|
||||
certController:
|
||||
image:
|
||||
repository: ghcr.io/external-secrets/external-secrets
|
||||
tag: v2.5.0@sha256:45e7bee4e743331288df01efce0e35b41738cffdc89c86a235359a5153257489
|
||||
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
|
||||
@@ -1,12 +1,12 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 3.3.1
|
||||
version: 2.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
digest: sha256:5637258c6907d062d327578a8b4f6a97112446f2f1ef2f1085e9317baba49310
|
||||
generated: "2026-05-18T02:02:50.886833918Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:06e321d19ffe0df94b3cd6bcc306804729710f74ca2f9962652628377836c33e
|
||||
generated: "2026-04-11T15:26:16.743784-05:00"
|
||||
|
||||
@@ -18,13 +18,13 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: foldergram
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 3.3.1
|
||||
version: 2.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-db
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
|
||||
# renovate: datasource=github-releases depName=foldergram/foldergram
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "custom.storageMiaNfsName" -}}
|
||||
foldergram-pictures-collection-mia-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.storageMiaNfsName" . }}
|
||||
name: foldergram-pictures-collections-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageMiaNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.storageMiaNfsName" . }}
|
||||
volumeName: foldergram-pictures-collections-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.storageMiaNfsName" . }}
|
||||
name: foldergram-pictures-collections-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageMiaNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -14,7 +15,7 @@ spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
path: '/volume2/Storage/Pictures/Collections/Minneapolis Institute of Art'
|
||||
path: /volume2/Storage/Pictures/Collections
|
||||
server: synologybond.alexlebens.net
|
||||
mountOptions:
|
||||
- vers=4
|
||||
|
||||
@@ -17,7 +17,7 @@ foldergram:
|
||||
- name: IMAGE_DETAIL_SOURCE
|
||||
value: original
|
||||
- name: DERIVATIVE_MODE
|
||||
value: lazy
|
||||
value: eager
|
||||
- name: DATA_ROOT
|
||||
value: ./data
|
||||
- name: GALLERY_ROOT
|
||||
@@ -70,27 +70,27 @@ foldergram:
|
||||
forceRename: foldergram-data
|
||||
storageClass: synology-iscsi-delete
|
||||
accessMode: ReadWriteOnce
|
||||
size: 500Gi
|
||||
size: 250Gi
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /app/data
|
||||
readOnly: false
|
||||
pictures-mia:
|
||||
existingClaim: foldergram-pictures-collection-mia-nfs-storage
|
||||
pictures:
|
||||
existingClaim: foldergram-pictures-collections-nfs-storage
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: '/gallery/Minneapolis Institute of Art'
|
||||
- path: /gallery
|
||||
readOnly: true
|
||||
volsync-target-db:
|
||||
pvcTarget: foldergram-db
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 0 8 * * *
|
||||
schedule: 46 11 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 0 10 * * 1
|
||||
schedule: 46 12 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 0 9 * * 1
|
||||
schedule: 46 13 * * *
|
||||
|
||||
@@ -1,15 +1,15 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 3.3.1
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.15.0
|
||||
version: 7.11.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.0.0
|
||||
digest: sha256:84e460d3ab6bb300c80858d3261d8a8e4395e3e1d099b7aed4f9e8d68dca54ac
|
||||
generated: "2026-05-19T16:29:45.768206873Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:2a13aac2d207555bf33ee01db493d210e860e660433cd6f5b9b67fadf91f8f74
|
||||
generated: "2026-04-10T01:17:32.585138713Z"
|
||||
|
||||
@@ -19,18 +19,18 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: freshrss
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 3.3.1
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.15.0
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 2.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
|
||||
# renovate: datasource=github-releases depName=FreshRSS/FreshRSS
|
||||
appVersion: 1.29.0
|
||||
appVersion: 1.28.1
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,52 +1,54 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-install-config
|
||||
name: freshrss-install-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-install-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: freshrss-install-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ADMIN_EMAIL
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-email
|
||||
property: ADMIN_EMAIL
|
||||
- secretKey: ADMIN_PASSWORD
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-password
|
||||
property: ADMIN_PASSWORD
|
||||
- secretKey: ADMIN_API_PASSWORD
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-api-password
|
||||
property: ADMIN_API_PASSWORD
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-oidc-authentik
|
||||
name: freshrss-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: freshrss-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/freshrss
|
||||
key: /authentik/oidc/freshrss
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/freshrss
|
||||
key: /authentik/oidc/freshrss
|
||||
property: secret
|
||||
- secretKey: OIDC_CLIENT_CRYPTO_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/key
|
||||
property: oidc-client-crypto-key
|
||||
key: /authentik/oidc/freshrss
|
||||
property: crypto-key
|
||||
|
||||
@@ -8,7 +8,7 @@ freshrss:
|
||||
main:
|
||||
image:
|
||||
repository: freshrss/freshrss
|
||||
tag: 1.29.0@sha256:cca8988d05cd449e1c6c69405971b1e6fc2c2116ceeb45c9fa3fc33837997a75
|
||||
tag: 1.28.1@sha256:9100f649f5c946f589f54cdb9be7a65996528f48f691ef90eb262a0e06e5a522
|
||||
env:
|
||||
- name: PGID
|
||||
value: "568"
|
||||
@@ -73,9 +73,9 @@ freshrss:
|
||||
value: preferred_username
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: freshrss-oidc-authentik
|
||||
name: freshrss-oidc-secret
|
||||
- secretRef:
|
||||
name: freshrss-install-config
|
||||
name: freshrss-install-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
@@ -126,10 +126,10 @@ volsync-target-data:
|
||||
fsGroupChangePolicy: OnRootMismatch
|
||||
local:
|
||||
enabled: true
|
||||
schedule: 5 8 * * *
|
||||
schedule: 18 8 * * *
|
||||
remote:
|
||||
enabled: true
|
||||
schedule: 5 10 * * 1
|
||||
schedule: 18 9 * * *
|
||||
external:
|
||||
enabled: true
|
||||
schedule: 5 9 * * 1
|
||||
schedule: 18 10 * * *
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
digest: sha256:3f06ada15810597c2673ed3de9e9fdabf21a6d42273b736a15759c21b889024a
|
||||
generated: "2026-05-15T00:31:00.309678009Z"
|
||||
version: 4.6.2
|
||||
digest: sha256:86536c14fa61870a64540b77f65afae8f4308e41a66eefae7fe85b83bf0df30e
|
||||
generated: "2026-01-16T18:46:33.321938614Z"
|
||||
|
||||
@@ -18,7 +18,7 @@ dependencies:
|
||||
- name: app-template
|
||||
alias: garage
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 5.0.1
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
|
||||
# renovate: datasource=docker depName=dxflrs/garage
|
||||
appVersion: v2.3.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,25 +1,26 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-token
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: garage-token-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: GARAGE_RPC_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: rpc-secret
|
||||
key: /cl01tl/garage/token
|
||||
property: rpc
|
||||
- secretKey: GARAGE_ADMIN_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: admin-token
|
||||
key: /cl01tl/garage/token
|
||||
property: admin
|
||||
- secretKey: GARAGE_METRICS_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: metrics-token
|
||||
key: /cl01tl/garage/token
|
||||
property: metric
|
||||
|
||||
@@ -6,7 +6,8 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-main
|
||||
app.kubernetes.io/service: garage-main
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
ports:
|
||||
- name: admin
|
||||
@@ -26,6 +27,6 @@ spec:
|
||||
protocol: TCP
|
||||
targetPort: 3902
|
||||
selector:
|
||||
app.kubernetes.io/name: garage
|
||||
app.kubernetes.io/instance: garage
|
||||
app.kubernetes.io/name: garage
|
||||
garage-type: server
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user