Compare commits
1 Commits
renovate/u
...
3d8fe7224d
| Author | SHA1 | Date | |
|---|---|---|---|
3d8fe7224d
|
@@ -169,10 +169,9 @@ jobs:
|
||||
|
||||
echo ">> Running linting on changed charts ..."
|
||||
|
||||
lint_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
local CHART_NAME=$(basename "${CHART_PATH}")
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
CHART_NAME=$(basename "${CHART_PATH}")
|
||||
|
||||
if [ -f "${CHART_PATH}/Chart.yaml" ]; then
|
||||
echo ""
|
||||
@@ -183,8 +182,15 @@ jobs:
|
||||
echo ">> Linting helm chart ${CHART_NAME} ..."
|
||||
|
||||
if ! helm lint "${CHART_PATH}" --namespace "default"; then
|
||||
echo "${DIR}" > ".failed_chart_${CHART_NAME}"
|
||||
return 1
|
||||
EXIT_CODE=1
|
||||
|
||||
if [ -z "${FAILED_CHARTS}" ]; then
|
||||
FAILED_CHARTS="${DIR}"
|
||||
|
||||
else
|
||||
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
else
|
||||
@@ -192,20 +198,8 @@ jobs:
|
||||
echo ">> Directory ${CHART_PATH} does not contain a Chart.yaml. Skipping ..."
|
||||
|
||||
fi
|
||||
}
|
||||
|
||||
export -f lint_chart
|
||||
export CLUSTER
|
||||
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
echo "${DIR}"
|
||||
done | xargs -P 4 -I {} bash -c 'OUT=$(lint_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
|
||||
|
||||
if ls .failed_chart_* 1> /dev/null 2>&1; then
|
||||
EXIT_CODE=1
|
||||
FAILED_CHARTS=$(cat .failed_chart_* | paste -sd ',' - | sed 's/,/, /g')
|
||||
rm -f .failed_chart_*
|
||||
fi
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
@@ -335,9 +329,8 @@ jobs:
|
||||
EXIT_CODE=0
|
||||
FAILED_CHARTS=""
|
||||
|
||||
validate_chart() {
|
||||
local DIR="$1"
|
||||
local CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
CHART_PATH="clusters/${CLUSTER}/helm/${DIR}"
|
||||
echo ""
|
||||
echo ">> Validating: ${DIR}"
|
||||
|
||||
@@ -350,23 +343,18 @@ jobs:
|
||||
-strict \
|
||||
-summary; then
|
||||
|
||||
echo "${DIR}" > ".failed_chart_${DIR}"
|
||||
return 1
|
||||
EXIT_CODE=1
|
||||
|
||||
if [ -z "${FAILED_CHARTS}" ]; then
|
||||
FAILED_CHARTS="${DIR}"
|
||||
|
||||
else
|
||||
FAILED_CHARTS="${FAILED_CHARTS}, ${DIR}"
|
||||
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
export -f validate_chart
|
||||
export CLUSTER SCHEMA_LOCATIONS
|
||||
|
||||
for DIR in ${CHANGED_CHARTS}; do
|
||||
echo "${DIR}"
|
||||
done | xargs -P 4 -I {} bash -c 'OUT=$(validate_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
|
||||
|
||||
if ls .failed_chart_* 1> /dev/null 2>&1; then
|
||||
EXIT_CODE=1
|
||||
FAILED_CHARTS=$(cat .failed_chart_* | paste -sd ',' - | sed 's/,/, /g')
|
||||
rm -f .failed_chart_*
|
||||
fi
|
||||
done
|
||||
|
||||
echo ""
|
||||
echo "----"
|
||||
|
||||
@@ -12,8 +12,8 @@ on:
|
||||
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-js
|
||||
container: ghcr.io/renovatebot/renovate:43.145.0@sha256:5e024261a94758005b772fd55a8ee2e8f9a8a308c438a5a08e411bb1b44d1a17
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43.138.2@sha256:79765b2442117d5c87e17456aa79ae54b4e0e2a4d9212a10508e233706375556
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
@@ -2,8 +2,5 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:ee1ff98af82f76ddf0b672abf9f4973ae41faff3cd61d81849f496c089cfdbd3
|
||||
generated: "2026-04-26T14:57:34.863614-05:00"
|
||||
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d
|
||||
generated: "2026-04-18T20:15:22.778699-05:00"
|
||||
|
||||
@@ -18,10 +18,10 @@ dependencies:
|
||||
alias: actual
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 1.0.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
# - name: volsync-target
|
||||
# alias: volsync-target-data
|
||||
# version: 0.8.0
|
||||
# repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
|
||||
# renovate: datasource=github-releases depName=actualbudget/actual
|
||||
appVersion: 26.4.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 9.5.4
|
||||
digest: sha256:3d21f3de99812af73615ef0e75f835d41d49b81a840107194b44e06057d7311f
|
||||
generated: "2026-04-24T18:07:49.106452954Z"
|
||||
version: 9.5.2
|
||||
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
|
||||
generated: "2026-04-19T19:53:40.43789-05:00"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
version: 9.5.4
|
||||
version: 9.5.2
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
# renovate: datasource=github-releases depName=argoproj/argo-cd
|
||||
appVersion: v3.3.8
|
||||
appVersion: v3.3.7
|
||||
|
||||
@@ -1,108 +0,0 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: haproxy
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: haproxy
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
groups:
|
||||
- name: EmbeddedExporter
|
||||
rules:
|
||||
- alert: HAProxyHighHTTP4xxErrorRateBackend
|
||||
expr: ((sum by (proxy) (rate(haproxy_server_http_responses_total{code="4xx"}[1m])) / sum by (proxy) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (proxy) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy high HTTP 4xx error rate backend (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many HTTP requests with status 4xx (> 5%) on backend {{ `{{ $labels.proxy }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyHighHTTP5xxErrorRateBackend
|
||||
expr: ((sum by (proxy) (rate(haproxy_server_http_responses_total{code="5xx"}[1m])) / sum by (proxy) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (proxy) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy high HTTP 5xx error rate backend (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many HTTP requests with status 5xx (> 5%) on backend {{ `{{ $labels.proxy }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyHighHTTP4xxErrorRateServer
|
||||
expr: ((sum by (server) (rate(haproxy_server_http_responses_total{code="4xx"}[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy high HTTP 4xx error rate server (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many HTTP requests with status 4xx (> 5%) on server {{ `{{ $labels.server }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyHighHTTP5xxErrorRateServer
|
||||
expr: ((sum by (server) (rate(haproxy_server_http_responses_total{code="5xx"}[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100) > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy high HTTP 5xx error rate server (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many HTTP requests with status 5xx (> 5%) on server {{ `{{ $labels.server }}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyServerResponseErrors
|
||||
expr: (sum by (server) (rate(haproxy_server_response_errors_total[1m])) / sum by (server) (rate(haproxy_server_http_responses_total[1m]))) * 100 > 5 and sum by (server) (rate(haproxy_server_http_responses_total[1m])) > 0
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy server response errors (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many response errors to {{ `{{ $labels.server }}` }} server (> 5%).\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyBackendConnectionErrors
|
||||
expr: (sum by (proxy) (rate(haproxy_backend_connection_errors_total[1m]))) > 100
|
||||
for: 1m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy backend connection errors (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many connection errors to {{ `{{ $labels.proxy }}` }} backend (> 100 req/s). Request throughput may be too high.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyServerConnectionErrors
|
||||
expr: (sum by (proxy) (rate(haproxy_server_connection_errors_total[1m]))) > 100
|
||||
for: 0m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: HAProxy server connection errors (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Too many connection errors to {{ `{{ $labels.proxy }}` }} (> 100 req/s). Request throughput may be too high.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyBackendMaxActiveSession>80%
|
||||
expr: (haproxy_backend_current_sessions / haproxy_backend_limit_sessions * 100) > 80 and haproxy_backend_limit_sessions > 0
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy backend max active session > 80% (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Session limit from backend {{ `{{ $labels.proxy }}` }} reached 80% of limit - {{ `{{ $value | printf \"%.2f\"}}` }}%\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyPendingRequests
|
||||
expr: sum by (proxy) (haproxy_backend_current_queue) > 0
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy pending requests (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Some HAProxy requests are pending on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyRetryHigh
|
||||
expr: sum by (proxy) (rate(haproxy_backend_retry_warnings_total[1m])) > 10
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy retry high (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "High rate of retry on {{ `{{ $labels.proxy }}` }} - {{ `{{ $value | printf \"%.2f\"}}` }}\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyFrontendSecurityBlockedRequests
|
||||
expr: sum by (proxy) (rate(haproxy_frontend_denied_connections_total[2m])) > 10
|
||||
for: 2m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy frontend security blocked requests (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "HAProxy is blocking requests for security reason\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: HAProxyServerHealthcheckFailure
|
||||
expr: increase(haproxy_server_check_failures_total[1m]) > 2
|
||||
for: 0m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: HAProxy server healthcheck failure (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Some server healthcheck are failing on {{ `{{ $labels.server }}` }} ({{ `{{ $value }}` }} in the last 1m)\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
@@ -103,7 +103,7 @@ argo-cd:
|
||||
enabled: true
|
||||
image:
|
||||
repository: haproxy
|
||||
tag: 3.3.7-alpine@sha256:2afa53c856e4e9fcc7dfb35b807fcb189896d7e62b38d363f9bedea92bce7f9a
|
||||
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
|
||||
resources:
|
||||
requests:
|
||||
cpu: 5m
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:c6af4b1dd96410281d53ff8f63235bc79bd9a1d493d6da097d9e4ff088e09538
|
||||
generated: "2026-04-26T14:57:40.219612-05:00"
|
||||
version: 0.8.0
|
||||
digest: sha256:7ee4cfdf7f908401c39b3cda0cf8783b25dcb9cf93e7c911609bab9e303ec5bf
|
||||
generated: "2026-03-06T01:05:03.534042627Z"
|
||||
|
||||
@@ -24,12 +24,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-metadata
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
|
||||
appVersion: 2.34.0
|
||||
appVersion: 2.33.2
|
||||
|
||||
@@ -15,13 +15,9 @@ spec:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
ntfy-url: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}"
|
||||
ntfy-url: "{{ `{{ .endpoint }}` }}/audiobookshelf"
|
||||
data:
|
||||
- secretKey: endpoint
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
property: internal-endpoint-credential
|
||||
- secretKey: topic
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/topics
|
||||
property: audiobookshelf
|
||||
|
||||
@@ -12,7 +12,7 @@ audiobookshelf:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/advplyr/audiobookshelf
|
||||
tag: 2.34.0@sha256:4143292c530f6ac6700afd13360c04f477e4f1a81c1c97c4224b1c7e4330c5c4
|
||||
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -23,7 +23,7 @@ audiobookshelf:
|
||||
apprise-api:
|
||||
image:
|
||||
repository: ghcr.io/caronc/apprise
|
||||
tag: v1.4.0@sha256:9d97a6b9b42cf6afdf3b5466dbed2a59cd42a4bb777ec6aa57b5f2ee623569eb
|
||||
tag: v1.3.3@sha256:4bfeac268ba87b8e08e308c9aa0182fe99e9501ec464027afc333d1634e65977
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 2026.2.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
digest: sha256:d1dbca83e5b63a58a9bf9f2903d1b45bbadca3e8599541367bc61ef2ce938cdb
|
||||
generated: "2026-04-24T21:50:21.398658595Z"
|
||||
digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d
|
||||
generated: "2026-04-13T20:32:12.748342469Z"
|
||||
|
||||
@@ -22,10 +22,10 @@ dependencies:
|
||||
repository: https://charts.goauthentik.io/
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
|
||||
@@ -5,8 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
spec:
|
||||
@@ -25,4 +25,4 @@ spec:
|
||||
service:
|
||||
name: authentik-server
|
||||
port:
|
||||
name: http
|
||||
number: 80
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:4c3010c4ef30f7baaad7564d1fda9bdfe18184fab0e3f47a8a1f4c74e340e557
|
||||
generated: "2026-04-24T22:50:23.056323614Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:f203538010828e77336f3cf39451a1072c90aeb8ece7c173a3476c49883b46d1
|
||||
generated: "2026-03-06T01:05:24.935421139Z"
|
||||
|
||||
@@ -20,11 +20,11 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/backrest.png
|
||||
# renovate: datasource=github-releases depName=garethgeorge/backrest
|
||||
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:ee94a588fa517303597c8a6159befdbac00b651afc5c1d7c779b3cb28d3ba8c6
|
||||
generated: "2026-04-24T22:50:33.529825344Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:ce88e4cd451613c9dbc25d285700970789ff678452ef277f3c8465dbf6157f1f
|
||||
generated: "2026-03-06T01:05:44.405374459Z"
|
||||
|
||||
@@ -24,7 +24,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: volsync-target
|
||||
alias: volsync-target-config
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
|
||||
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,44 +0,0 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: cert-manager
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: cert-manager
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
groups:
|
||||
- name: EmbeddedExporter
|
||||
rules:
|
||||
- alert: Cert-ManagerAbsent
|
||||
expr: absent(up{job="cert-manager"})
|
||||
for: 10m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: Cert-Manager absent (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Cert-Manager has disappeared from Prometheus service discovery. New certificates will not be able to be minted, and existing ones can't be renewed until cert-manager is back.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: Cert-ManagerCertificateExpiringSoon
|
||||
expr: avg by (exported_namespace, namespace, name) (certmanager_certificate_expiration_timestamp_seconds - time()) < (21 * 24 * 3600)
|
||||
for: 1h
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Cert-Manager certificate expiring soon (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "The certificate {{ `{{ $labels.name }}` }} is expiring in less than 21 days.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: Cert-ManagerCertificateNotReady
|
||||
expr: max by (name, exported_namespace, namespace, condition) (certmanager_certificate_ready_status{condition!="True"} == 1)
|
||||
for: 10m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: Cert-Manager certificate not ready (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "The certificate {{ `{{ $labels.name }}` }} in namespace {{ `{{ $labels.exported_namespace }}` }} is not ready to serve traffic.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: Cert-ManagerHittingACMERateLimits
|
||||
expr: sum by (host) (rate(certmanager_acme_client_request_count{status="429"}[5m])) > 0
|
||||
for: 5m
|
||||
labels:
|
||||
severity: critical
|
||||
annotations:
|
||||
summary: Cert-Manager hitting ACME rate limits (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Cert-Manager is being rate-limited by the ACME provider. Certificate issuance and renewal may be blocked for up to a week.\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
@@ -20,6 +20,8 @@ spec:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- kind: Service
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: hubble-ui
|
||||
port: 80
|
||||
weight: 100
|
||||
|
||||
@@ -5,11 +5,5 @@ dependencies:
|
||||
- name: plugin-barman-cloud
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
version: 0.6.0
|
||||
- name: rclone-bucket
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.3
|
||||
- name: rclone-bucket
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.3
|
||||
digest: sha256:75d7078b7009082521a1bb8b49141e20b442343dabe7f76f5e7a16a352cfe205
|
||||
generated: "2026-04-26T15:36:31.678086-05:00"
|
||||
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3
|
||||
generated: "2026-04-14T09:03:10.332065288Z"
|
||||
|
||||
@@ -13,7 +13,6 @@ sources:
|
||||
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
|
||||
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
|
||||
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
@@ -23,14 +22,6 @@ dependencies:
|
||||
- name: plugin-barman-cloud
|
||||
version: 0.6.0
|
||||
repository: https://cloudnative-pg.io/charts/
|
||||
- name: rclone-bucket
|
||||
alias: rclone-postgres-backups-remote
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.3
|
||||
- name: rclone-bucket
|
||||
alias: rclone-postgres-backups-external
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.3
|
||||
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png
|
||||
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
|
||||
appVersion: 1.29.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -14,62 +14,3 @@ plugin-barman-cloud:
|
||||
requests:
|
||||
cpu: 1m
|
||||
memory: 20Mi
|
||||
rclone-postgres-backups-remote:
|
||||
nameOverride: postgres-backups-remote-rclone
|
||||
cronJob:
|
||||
suspend: false
|
||||
schedule: 0 6 * * 6
|
||||
rclone:
|
||||
source:
|
||||
bucketName: postgres-backups
|
||||
destination:
|
||||
bucketName: postgres-backups
|
||||
prune:
|
||||
enabled: true
|
||||
ageToPrune: 45d
|
||||
include: "/cl01tl/*/*/*/base/**"
|
||||
exclude: "**/walls/**"
|
||||
secret:
|
||||
externalSecret:
|
||||
source:
|
||||
credentials:
|
||||
path: /garage/home-infra/postgres-backups
|
||||
config:
|
||||
path: /garage/config
|
||||
destination:
|
||||
credentials:
|
||||
path: /garage/home-infra/postgres-backups
|
||||
config:
|
||||
path: /garage/config
|
||||
rclone-postgres-backups-external:
|
||||
nameOverride: postgres-backups-external-rclone
|
||||
cronJob:
|
||||
suspend: true
|
||||
schedule: 0 6 * * 6
|
||||
rclone:
|
||||
source:
|
||||
bucketName: openbao-backups
|
||||
destination:
|
||||
bucketName: postgres-backups-ecc1010276b61716
|
||||
providerType: DigitalOcean
|
||||
prune:
|
||||
enabled: true
|
||||
ageToPrune: 45d
|
||||
include: "/cl01tl/*/*/*/base/**"
|
||||
exclude: "**/walls/**"
|
||||
secret:
|
||||
externalSecret:
|
||||
source:
|
||||
credentials:
|
||||
path: /garage/home-infra/postgres-backups
|
||||
config:
|
||||
path: /garage/config
|
||||
destination:
|
||||
credentials:
|
||||
path: /digital-ocean/home-infra/postgres-backups
|
||||
keyIdProperty: AWS_ACCESS_KEY_ID
|
||||
secretKeyProperty: AWS_SECRET_ACCESS_KEY
|
||||
regionProperty: AWS_REGION
|
||||
config:
|
||||
path: /digital-ocean/config
|
||||
endpointProperty: ENDPOINT
|
||||
|
||||
@@ -17,4 +17,4 @@ dependencies:
|
||||
repository: https://coredns.github.io/helm
|
||||
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png
|
||||
# renovate: datasource=github-releases depName=coredns/coredns
|
||||
appVersion: v1.14.3
|
||||
appVersion: v1.14.2
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -4,18 +4,18 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:675bca89787669fd5b23eb2d4b49a44acee2556044982bb634f678a39cec7db4
|
||||
generated: "2026-04-24T22:50:43.987901153Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587
|
||||
generated: "2026-04-13T20:32:54.380897459Z"
|
||||
|
||||
@@ -22,7 +22,7 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
@@ -30,16 +30,16 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-storage
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-public
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-watched
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
|
||||
# renovate: datasource=github-releases depName=Freika/dawarich
|
||||
appVersion: 1.7.0
|
||||
appVersion: 1.6.1
|
||||
|
||||
@@ -15,18 +15,6 @@ spec:
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/key
|
||||
property: key
|
||||
- secretKey: otp-primary-key
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/key
|
||||
property: otp-primary-key
|
||||
- secretKey: otp-deterministic-key
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/key
|
||||
property: otp-deterministic-key
|
||||
- secretKey: otp-derivation-salt
|
||||
remoteRef:
|
||||
key: /cl01tl/dawarich/key
|
||||
property: otp-derivation-salt
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
|
||||
@@ -8,7 +8,7 @@ dawarich:
|
||||
main:
|
||||
image:
|
||||
repository: freikin/dawarich
|
||||
tag: 1.7.0@sha256:7d5f99c61121fcfa4cbdd6a153392630d9f059ffb0156759278d3e049085ec62
|
||||
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
|
||||
command:
|
||||
- "web-entrypoint.sh"
|
||||
args:
|
||||
@@ -83,21 +83,6 @@ dawarich:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: key
|
||||
- name: OTP_ENCRYPTION_PRIMARY_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-primary-key
|
||||
- name: OTP_ENCRYPTION_DETERMINISTIC_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-deterministic-key
|
||||
- name: OTP_ENCRYPTION_KEY_DERIVATION_SALT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-derivation-salt
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
- name: SELF_HOSTED
|
||||
@@ -126,7 +111,7 @@ dawarich:
|
||||
sidekiq:
|
||||
image:
|
||||
repository: freikin/dawarich
|
||||
tag: 1.7.0@sha256:7d5f99c61121fcfa4cbdd6a153392630d9f059ffb0156759278d3e049085ec62
|
||||
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429
|
||||
command:
|
||||
- "sidekiq-entrypoint.sh"
|
||||
args:
|
||||
@@ -176,12 +161,12 @@ dawarich:
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: client
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: secret
|
||||
- name: OIDC_PROVIDER_NAME
|
||||
value: Authentik
|
||||
@@ -196,23 +181,8 @@ dawarich:
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
name: dawarich-key-secret
|
||||
key: key
|
||||
- name: OTP_ENCRYPTION_PRIMARY_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-primary-key
|
||||
- name: OTP_ENCRYPTION_DETERMINISTIC_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-deterministic-key
|
||||
- name: OTP_ENCRYPTION_KEY_DERIVATION_SALT
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
key: otp-derivation-salt
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
- name: SELF_HOSTED
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,15 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: synology-iscsi-config
|
||||
name: synology-iscsi-config-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: synology-iscsi-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: synology-iscsi-config-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: driver-config-file.yaml
|
||||
remoteRef:
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Release.Namespace }}
|
||||
name: democratic-csi-synology-iscsi
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Namespace }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: democratic-csi-synology-iscsi
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
|
||||
@@ -3,7 +3,7 @@ democratic-csi:
|
||||
image:
|
||||
registry: ghcr.io/democratic-csi/democratic-csi
|
||||
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
|
||||
existingConfigSecret: synology-iscsi-config
|
||||
existingConfigSecret: synology-iscsi-config-secret
|
||||
config:
|
||||
driver: synology-iscsi
|
||||
resources:
|
||||
@@ -47,8 +47,6 @@ democratic-csi:
|
||||
fsType: ext4
|
||||
node:
|
||||
hostPID: true
|
||||
rbac:
|
||||
enabled: true
|
||||
driver:
|
||||
extraEnv:
|
||||
- name: ISCSIADM_HOST_STRATEGY
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -4,12 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
- name: rclone-bucket
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.3
|
||||
digest: sha256:df3b79c6b8868d749d98d232741fef4a26b73894bce3bf4588581340c15fc3da
|
||||
generated: "2026-04-26T21:06:27.85398357Z"
|
||||
digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329
|
||||
generated: "2026-04-13T20:33:13.909018545Z"
|
||||
|
||||
@@ -5,14 +5,13 @@ description: Directus
|
||||
keywords:
|
||||
- directus
|
||||
- content-management-system
|
||||
home: https://docs.alexlebens.dev/applications/directus/
|
||||
home: https://docs.alexlebens.dev/applications/descheduler/
|
||||
sources:
|
||||
- https://github.com/directus/directus
|
||||
- https://github.com/directus/directus/pkgs/container/directus
|
||||
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
|
||||
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/rclone-bucket
|
||||
maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
@@ -22,16 +21,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey
|
||||
version: 0.6.1
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: rclone-bucket
|
||||
alias: rclone-directus-assets-remote
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.4.3
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
|
||||
# renovate: datasource=github-releases depName=directus/directus
|
||||
appVersion: 11.17.3
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,20 +5,13 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/key
|
||||
property: key
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/key
|
||||
property: secret
|
||||
- secretKey: admin-email
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
@@ -27,6 +20,38 @@ spec:
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: admin-password
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: secret
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /authentik/oidc/directus
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /authentik/oidc/directus
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
@@ -36,67 +61,18 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-metric-token
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: metric-token
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/metrics
|
||||
property: metric-token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-valkey-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-valkey-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: user
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: user
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
- secretKey: default
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/directus
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/directus
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
@@ -105,11 +81,12 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-bucket-garage
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
@@ -123,3 +100,31 @@ spec:
|
||||
remoteRef:
|
||||
key: /garage/home-infra/directus-assets
|
||||
property: ACCESS_REGION
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-valkey-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-valkey-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: default
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
- secretKey: user
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: user
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
|
||||
@@ -113,12 +113,12 @@ directus:
|
||||
- name: AUTH_AUTHENTIK_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-oidc-authentik
|
||||
name: directus-oidc-secret
|
||||
key: OIDC_CLIENT_ID
|
||||
- name: AUTH_AUTHENTIK_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-oidc-authentik
|
||||
name: directus-oidc-secret
|
||||
key: OIDC_CLIENT_SECRET
|
||||
- name: AUTH_AUTHENTIK_SCOPE
|
||||
value: openid profile email
|
||||
@@ -214,24 +214,3 @@ valkey:
|
||||
# https://github.com/valkey-io/valkey-helm/issues/135
|
||||
metrics:
|
||||
enabled: false
|
||||
rclone-directus-assets-remote:
|
||||
cronJob:
|
||||
suspend: false
|
||||
schedule: 0 0 * * *
|
||||
rclone:
|
||||
source:
|
||||
bucketName: directus-assets
|
||||
destination:
|
||||
bucketName: directus-assets
|
||||
secret:
|
||||
externalSecret:
|
||||
source:
|
||||
credentials:
|
||||
path: /garage/home-infra/directus-assets
|
||||
config:
|
||||
path: /garage/config
|
||||
destination:
|
||||
credentials:
|
||||
path: /garage/home-infra/directus-assets
|
||||
config:
|
||||
path: /garage/config
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -4,6 +4,6 @@ dependencies:
|
||||
version: 1.4.34
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
digest: sha256:e988be9f997351a8f658bf5151ec4fb04ae7d877389c9bf01b7331e1a58005ef
|
||||
generated: "2026-04-24T21:06:15.882448748Z"
|
||||
version: 2.5.0
|
||||
digest: sha256:8640b8a250bdcd9e7561e3d28538ccf4644a7159a035ee0a5fdbcf71dc5b2bbe
|
||||
generated: "2026-04-10T01:17:19.932208699Z"
|
||||
|
||||
@@ -19,7 +19,7 @@ dependencies:
|
||||
repository: https://ananace.gitlab.io/charts
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
|
||||
# renovate: datasource=github-releases depName=element-hq/element-web
|
||||
appVersion: v1.12.15
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,7 @@ description: Excalidraw
|
||||
keywords:
|
||||
- excalidraw
|
||||
- drawing
|
||||
home: https://docs.alexlebens.dev/applications/excalidraw/
|
||||
home: https://docs.alexlebens.dev/applications/eraser/
|
||||
sources:
|
||||
- https://github.com/excalidraw/excalidraw
|
||||
- https://hub.docker.com/r/excalidraw/excalidraw
|
||||
@@ -19,4 +19,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/excalidraw.png
|
||||
# renovate: datasource=github-releases depName=excalidraw/excalidraw
|
||||
appVersion: v0.18.1
|
||||
appVersion: v0.18.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,7 @@ description: External DNS
|
||||
keywords:
|
||||
- external-dns
|
||||
- dns
|
||||
home: https://docs.alexlebens.dev/applications/external-dns/
|
||||
home: https://docs.alexlebens.dev/applications/eraser/
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/external-dns
|
||||
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-device-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Unifi UDM
|
||||
@@ -47,7 +48,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: iot-device-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Airgradient
|
||||
@@ -80,18 +82,6 @@ spec:
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.100
|
||||
# HD Homerun
|
||||
- dnsName: dv01hr.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.72
|
||||
# Pi KVM
|
||||
- dnsName: dv02kv.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.71
|
||||
|
||||
---
|
||||
apiVersion: externaldns.k8s.io/v1alpha1
|
||||
@@ -101,7 +91,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: server-host-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Unifi Gateway
|
||||
@@ -134,18 +125,6 @@ spec:
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.52
|
||||
# Desktop
|
||||
- dnsName: pd05wd.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.115
|
||||
# Laptop
|
||||
- dnsName: pl02mc.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.105
|
||||
|
||||
---
|
||||
apiVersion: externaldns.k8s.io/v1alpha1
|
||||
@@ -155,7 +134,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: cluster-service-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Treafik Proxy
|
||||
|
||||
@@ -5,13 +5,14 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns-unifi-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: api-key
|
||||
remoteRef:
|
||||
key: /unifi/users/cl01tl
|
||||
key: /unifi/auth/cl01tl
|
||||
property: api-key
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: external-secrets
|
||||
repository: https://charts.external-secrets.io
|
||||
version: 2.4.0
|
||||
digest: sha256:a31b4ba5b5ec296036576c8d7d26f8b42061eec7142817f9ca0c256a457a2ea1
|
||||
generated: "2026-04-24T19:03:31.856576444Z"
|
||||
version: 2.3.0
|
||||
digest: sha256:fedb79c937be24d4bb72f665122b468b445de95f3f02de419903e3136186e42f
|
||||
generated: "2026-04-10T15:10:52.488487421Z"
|
||||
|
||||
@@ -14,8 +14,8 @@ sources:
|
||||
dependencies:
|
||||
- name: external-secrets
|
||||
alias: external-secrets
|
||||
version: 2.4.0
|
||||
version: 2.3.0
|
||||
repository: https://charts.external-secrets.io
|
||||
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
|
||||
# renovate: datasource=github-releases depName=external-secrets/external-secrets
|
||||
appVersion: v2.4.0
|
||||
appVersion: v2.3.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,12 +5,13 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-secrets
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
||||
@@ -1,11 +1,33 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: vault
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: vault
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
server: http://vault-internal.vault:8200
|
||||
path: secret
|
||||
auth:
|
||||
tokenSecretRef:
|
||||
namespace: vault
|
||||
name: vault-token
|
||||
key: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
@@ -17,7 +39,7 @@ spec:
|
||||
mountPath: kubernetes
|
||||
role: external-secrets
|
||||
serviceAccountRef:
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Name }}
|
||||
audiences:
|
||||
- openbao
|
||||
|
||||
@@ -2,7 +2,7 @@ external-secrets:
|
||||
replicaCount: 3
|
||||
image:
|
||||
repository: ghcr.io/external-secrets/external-secrets
|
||||
tag: v2.4.0@sha256:d2b74514f63f5b55360d08351f1fe5af3b1db794a81fa10389abe2ff2999c566
|
||||
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||
installCRDs: true
|
||||
crds:
|
||||
createClusterExternalSecret: true
|
||||
@@ -29,7 +29,7 @@ external-secrets:
|
||||
webhook:
|
||||
image:
|
||||
repository: ghcr.io/external-secrets/external-secrets
|
||||
tag: v2.4.0@sha256:d2b74514f63f5b55360d08351f1fe5af3b1db794a81fa10389abe2ff2999c566
|
||||
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
@@ -37,7 +37,7 @@ external-secrets:
|
||||
certController:
|
||||
image:
|
||||
repository: ghcr.io/external-secrets/external-secrets
|
||||
tag: v2.4.0@sha256:d2b74514f63f5b55360d08351f1fe5af3b1db794a81fa10389abe2ff2999c566
|
||||
tag: v2.3.0@sha256:c425f51f422506c380550ad32fbf155412c7be84dd1c4b196130dcf04497be80
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:c42d896ab065b1278e0ae9f297e15ba2165fec99148003bf67f56aa641cf406a
|
||||
generated: "2026-04-24T22:50:55.336683873Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:06e321d19ffe0df94b3cd6bcc306804729710f74ca2f9962652628377836c33e
|
||||
generated: "2026-04-11T15:26:16.743784-05:00"
|
||||
|
||||
@@ -21,10 +21,10 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
- name: volsync-target
|
||||
alias: volsync-target-db
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://raw.githubusercontent.com/foldergram/foldergram/refs/heads/main/client/public/icon-512.png
|
||||
# renovate: datasource=github-releases depName=foldergram/foldergram
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "custom.storageMiaNfsName" -}}
|
||||
foldergram-pictures-collection-mia-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.storageMiaNfsName" . }}
|
||||
name: foldergram-pictures-collections-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageMiaNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.storageMiaNfsName" . }}
|
||||
volumeName: foldergram-pictures-collections-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.storageMiaNfsName" . }}
|
||||
name: foldergram-pictures-collections-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageMiaNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -14,7 +15,7 @@ spec:
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
nfs:
|
||||
path: '/volume2/Storage/Pictures/Collections/Minneapolis Institute of Art'
|
||||
path: /volume2/Storage/Pictures/Collections
|
||||
server: synologybond.alexlebens.net
|
||||
mountOptions:
|
||||
- vers=4
|
||||
|
||||
@@ -17,7 +17,7 @@ foldergram:
|
||||
- name: IMAGE_DETAIL_SOURCE
|
||||
value: original
|
||||
- name: DERIVATIVE_MODE
|
||||
value: lazy
|
||||
value: eager
|
||||
- name: DATA_ROOT
|
||||
value: ./data
|
||||
- name: GALLERY_ROOT
|
||||
@@ -70,18 +70,18 @@ foldergram:
|
||||
forceRename: foldergram-data
|
||||
storageClass: synology-iscsi-delete
|
||||
accessMode: ReadWriteOnce
|
||||
size: 500Gi
|
||||
size: 250Gi
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: /app/data
|
||||
readOnly: false
|
||||
pictures-mia:
|
||||
existingClaim: foldergram-pictures-collection-mia-nfs-storage
|
||||
pictures:
|
||||
existingClaim: foldergram-pictures-collections-nfs-storage
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
- path: '/gallery/Minneapolis Institute of Art'
|
||||
- path: /gallery
|
||||
readOnly: true
|
||||
volsync-target-db:
|
||||
pvcTarget: foldergram-db
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:ad75160abdeec46eb8cbcfa25ce69cc99c0ec5e73142560df3ef5b1490a2a3f3
|
||||
generated: "2026-04-24T22:51:06.194383563Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:2a13aac2d207555bf33ee01db493d210e860e660433cd6f5b9b67fadf91f8f74
|
||||
generated: "2026-04-10T01:17:32.585138713Z"
|
||||
|
||||
@@ -22,14 +22,14 @@ dependencies:
|
||||
version: 4.6.2
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/freshrss.png
|
||||
# renovate: datasource=github-releases depName=FreshRSS/FreshRSS
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,52 +1,54 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-install-config
|
||||
name: freshrss-install-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-install-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: freshrss-install-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ADMIN_EMAIL
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-email
|
||||
property: ADMIN_EMAIL
|
||||
- secretKey: ADMIN_PASSWORD
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-password
|
||||
property: ADMIN_PASSWORD
|
||||
- secretKey: ADMIN_API_PASSWORD
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-api-password
|
||||
property: ADMIN_API_PASSWORD
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-oidc-authentik
|
||||
name: freshrss-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: freshrss-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/freshrss
|
||||
key: /authentik/oidc/freshrss
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/freshrss
|
||||
key: /authentik/oidc/freshrss
|
||||
property: secret
|
||||
- secretKey: OIDC_CLIENT_CRYPTO_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/key
|
||||
property: oidc-client-crypto-key
|
||||
key: /authentik/oidc/freshrss
|
||||
property: crypto-key
|
||||
|
||||
@@ -73,9 +73,9 @@ freshrss:
|
||||
value: preferred_username
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: freshrss-oidc-authentik
|
||||
name: freshrss-oidc-secret
|
||||
- secretRef:
|
||||
name: freshrss-install-config
|
||||
name: freshrss-install-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,25 +1,26 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-token
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: garage-token-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: GARAGE_RPC_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: rpc-secret
|
||||
key: /cl01tl/garage/token
|
||||
property: rpc
|
||||
- secretKey: GARAGE_ADMIN_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: admin-token
|
||||
key: /cl01tl/garage/token
|
||||
property: admin
|
||||
- secretKey: GARAGE_METRICS_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: metrics-token
|
||||
key: /cl01tl/garage/token
|
||||
property: metric
|
||||
|
||||
@@ -6,7 +6,8 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-main
|
||||
app.kubernetes.io/service: garage-main
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
ports:
|
||||
- name: admin
|
||||
@@ -26,6 +27,6 @@ spec:
|
||||
protocol: TCP
|
||||
targetPort: 3902
|
||||
selector:
|
||||
app.kubernetes.io/name: garage
|
||||
app.kubernetes.io/instance: garage
|
||||
app.kubernetes.io/name: garage
|
||||
garage-type: server
|
||||
|
||||
@@ -24,7 +24,7 @@ garage:
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
@@ -53,7 +53,7 @@ garage:
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
@@ -82,7 +82,7 @@ garage:
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
@@ -104,7 +104,7 @@ garage:
|
||||
- name: API_ADMIN_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
key: GARAGE_ADMIN_TOKEN
|
||||
resources:
|
||||
requests:
|
||||
@@ -273,7 +273,7 @@ garage:
|
||||
scrapeTimeout: 2m
|
||||
path: /metrics
|
||||
bearerTokenSecret:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
key: GARAGE_METRICS_TOKEN
|
||||
route:
|
||||
webui:
|
||||
|
||||
@@ -4,9 +4,9 @@ dependencies:
|
||||
version: 1.5.0
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:a1e4ca6f575989ad15501f31842b7b0a505cc7b2fc21d61587b8ae9ad7d39ffc
|
||||
generated: "2026-04-24T22:51:17.210954901Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:b2a7ef962a91dff4313f66c1d04356f1b2aeefc752d672a9a27ea227db4b8c7d
|
||||
generated: "2026-04-04T21:02:09.187828-05:00"
|
||||
|
||||
@@ -20,11 +20,11 @@ dependencies:
|
||||
version: 1.5.0
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/gatus.png
|
||||
# renovate: datasource=github-releases depName=TwiN/gatus
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,40 +1,42 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gatus-config
|
||||
name: gatus-config-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gatus-config-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: NTFY_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
key: /ntfy/user/cl01tl
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gatus-oidc-authentik
|
||||
name: gatus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gatus-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: gatus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/gatus
|
||||
key: /authentik/oidc/gatus
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/gatus
|
||||
key: /authentik/oidc/gatus
|
||||
property: secret
|
||||
|
||||
@@ -20,17 +20,17 @@ gatus:
|
||||
NTFY_TOKEN:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gatus-config
|
||||
name: gatus-config-secret
|
||||
key: NTFY_TOKEN
|
||||
OIDC_CLIENT_ID:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gatus-oidc-authentik
|
||||
name: gatus-oidc-secret
|
||||
key: OIDC_CLIENT_ID
|
||||
OIDC_CLIENT_SECRET:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gatus-oidc-authentik
|
||||
name: gatus-oidc-secret
|
||||
key: OIDC_CLIENT_SECRET
|
||||
POSTGRES_USER:
|
||||
valueFrom:
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,10 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Release.Namespace }}
|
||||
name: generic-device-plugin
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Namespace }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: generic-device-plugin
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
|
||||
@@ -10,10 +10,10 @@ dependencies:
|
||||
version: 0.32.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
@@ -22,6 +22,6 @@ dependencies:
|
||||
version: 0.6.1
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 1.0.0
|
||||
digest: sha256:a90e8908ef9f5349f444e53474692af302999b0ddcfa6d68f24ede9ef55d97e5
|
||||
generated: "2026-04-24T22:51:28.783181948Z"
|
||||
version: 0.8.0
|
||||
digest: sha256:2144d55ea34ba25bd81c1e479ee5cd27097fafb5676b96e63aa0e32ad2868925
|
||||
generated: "2026-04-16T20:09:26.031592859Z"
|
||||
|
||||
@@ -37,10 +37,10 @@ dependencies:
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.6.0
|
||||
version: 2.5.0
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey-gitea
|
||||
@@ -52,7 +52,7 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-storage
|
||||
version: 1.0.0
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
|
||||
# renovate: datasource=github-releases depName=go-gitea/gitea
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-custom-templates
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
data:
|
||||
header.tmpl: |
|
||||
<script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script>
|
||||
|
||||
@@ -1,15 +1,64 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-admin-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-admin-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: username
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/auth/admin
|
||||
property: username
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/auth/admin
|
||||
property: password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /authentik/oidc/gitea
|
||||
property: secret
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /authentik/oidc/gitea
|
||||
property: client
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-runner-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-runner-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: token
|
||||
remoteRef:
|
||||
@@ -20,15 +69,80 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-meilisearch-key
|
||||
name: gitea-renovate-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-meilisearch-key
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: gitea-renovate-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: RENOVATE_ENDPOINT
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: RENOVATE_ENDPOINT
|
||||
- secretKey: RENOVATE_GIT_AUTHOR
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: RENOVATE_GIT_AUTHOR
|
||||
- secretKey: RENOVATE_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: RENOVATE_TOKEN
|
||||
- secretKey: RENOVATE_GIT_PRIVATE_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: id_rsa
|
||||
- secretKey: RENOVATE_GITHUB_COM_TOKEN
|
||||
remoteRef:
|
||||
key: /github/gitea-cl01tl
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-renovate-ssh-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-renovate-ssh-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: config
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: ssh_config
|
||||
- secretKey: id_rsa
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: id_rsa
|
||||
- secretKey: id_rsa.pub
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: id_rsa.pub
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-meilisearch-master-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-meilisearch-master-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
@@ -39,27 +153,4 @@ spec:
|
||||
- secretKey: MEILI_MASTER_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/meilisearch
|
||||
property: master-key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/gitea
|
||||
property: secret
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/gitea
|
||||
property: client
|
||||
property: MEILI_MASTER_KEY
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
@@ -20,6 +21,8 @@ spec:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- kind: Service
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: gitea-http
|
||||
port: 3000
|
||||
weight: 100
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-tailscale
|
||||
name: gitea-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: gitea-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
@@ -20,7 +21,7 @@ spec:
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: gitea-http
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Release.Namespace }}
|
||||
name: gitea
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Namespace }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: gitea
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-themes-storage
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeMode: Filesystem
|
||||
storageClassName: ceph-filesystem
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PrometheusRule
|
||||
metadata:
|
||||
name: meilisearch
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: meilisearch
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
groups:
|
||||
- name: EmbeddedExporter
|
||||
rules:
|
||||
- alert: MeilisearchIndexIsEmpty
|
||||
expr: meilisearch_index_docs_count == 0
|
||||
for: 0m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Meilisearch index is empty (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Meilisearch index {{ `{{ $labels.index }}` }} has zero documents\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
- alert: MeilisearchHttpResponseTime
|
||||
expr: meilisearch_http_response_time_seconds > 0.5
|
||||
for: 0m
|
||||
labels:
|
||||
severity: warning
|
||||
annotations:
|
||||
summary: Meilisearch http response time (instance {{ `{{ $labels.instance }}` }})
|
||||
description: "Meilisearch http response time is too high\n VALUE = {{ `{{ $value }}` }}\n LABELS = {{ `{{ $labels }}` }}"
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-ssh
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
@@ -15,6 +16,8 @@ spec:
|
||||
sectionName: ssh
|
||||
rules:
|
||||
- backendRefs:
|
||||
- kind: Service
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: gitea-ssh
|
||||
port: 22
|
||||
weight: 100
|
||||
|
||||
@@ -59,7 +59,7 @@ gitea:
|
||||
oauth:
|
||||
- name: Authentik
|
||||
provider: openidConnect
|
||||
existingSecret: gitea-oidc-authentik
|
||||
existingSecret: gitea-oidc-secret
|
||||
autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
|
||||
iconUrl: https://goauthentik.io/img/icon.png
|
||||
scopes: "email profile"
|
||||
@@ -137,7 +137,7 @@ gitea:
|
||||
- name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-meilisearch-key
|
||||
name: gitea-meilisearch-master-key-secret
|
||||
key: ISSUE_INDEXER_CONN_STR
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
@@ -194,7 +194,7 @@ gitea-actions:
|
||||
registry: docker.io
|
||||
repository: gitea/act_runner
|
||||
# renovate: datasource=docker depName=gitea/act_runner
|
||||
tag: 0.5.0@sha256:9946000491cf19c3ed487c23e5da4f0c287010d791f495796c756e41e7a79cbe
|
||||
tag: 0.4.1@sha256:696a59b51ad3d149521e3beb0229d5fb88f87295e1616f940199793274415b56
|
||||
extraVolumeMounts:
|
||||
- name: workspace-vol
|
||||
mountPath: /workspace
|
||||
@@ -206,13 +206,14 @@ gitea-actions:
|
||||
runner:
|
||||
labels:
|
||||
- "ubuntu-latest:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
|
||||
- "ubuntu-latest-slim:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04-slim"
|
||||
- "ubuntu-js:docker://harbor.alexlebens.net/proxy-ghcr.io/catthehacker/ubuntu:js-24.04"
|
||||
- "ubuntu-24.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-24.04"
|
||||
- "ubuntu-22.04:docker://harbor.alexlebens.net/proxy-hub.docker/gitea/runner-images:ubuntu-22.04"
|
||||
dind:
|
||||
registry: docker.io
|
||||
repository: docker
|
||||
# renovate: datasource=docker depName=docker
|
||||
tag: 29.4.1-dind@sha256:c77e5d7912f9b137cc67051fdc2991d8f5ae22c55ddf532bb836dcb693a04940
|
||||
tag: 29.4.0-dind@sha256:f80c26212befc1c1988b529495532c6b9180d9b1dab1611f4a1efbe9da8ec821
|
||||
extraVolumeMounts:
|
||||
- name: docker-vol
|
||||
mountPath: /var/lib/docker
|
||||
@@ -234,7 +235,7 @@ meilisearch:
|
||||
MEILI_ENV: production
|
||||
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
|
||||
auth:
|
||||
existingMasterKeySecret: gitea-meilisearch-key
|
||||
existingMasterKeySecret: gitea-meilisearch-master-key-secret
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ceph-block
|
||||
|
||||
@@ -4,12 +4,12 @@ dependencies:
|
||||
version: 5.22.2
|
||||
- name: postgres-cluster
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
- name: valkey
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.6.1
|
||||
digest: sha256:fffa0806096edeb2b6a6ceead50427544ef3880a3d135afb4a9c7570d05b2042
|
||||
generated: "2026-04-24T21:52:27.743114014Z"
|
||||
digest: sha256:6c086da896f573fdb1b81abab43b90181f2af7bf57a62333c4426f3f30496ffa
|
||||
generated: "2026-04-13T20:33:58.123069628Z"
|
||||
|
||||
@@ -20,7 +20,7 @@ dependencies:
|
||||
repository: https://grafana.github.io/helm-charts
|
||||
- name: postgres-cluster
|
||||
alias: postgres-18-cluster
|
||||
version: 7.12.1
|
||||
version: 7.11.2
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: valkey
|
||||
alias: valkey-unified-alerting
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,44 +1,98 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-config
|
||||
name: grafana-auth-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: grafana-auth-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: admin-user
|
||||
remoteRef:
|
||||
key: /cl01tl/grafana/config
|
||||
key: /cl01tl/grafana/auth
|
||||
property: admin-user
|
||||
- secretKey: admin-password
|
||||
remoteRef:
|
||||
key: /cl01tl/grafana/config
|
||||
key: /cl01tl/grafana/auth
|
||||
property: admin-password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-oidc-authentik
|
||||
name: grafana-oauth-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: grafana-oauth-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: AUTH_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/grafana
|
||||
key: /authentik/oidc/grafana
|
||||
property: client
|
||||
- secretKey: AUTH_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/grafana
|
||||
key: /authentik/oidc/grafana
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-operator-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-operator-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /garage/home-infra/postgres-backups
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
key: /garage/home-infra/postgres-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/postgres-backups
|
||||
property: ACCESS_REGION
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-ceph
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -23,7 +24,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-coredns
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -41,7 +43,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-etcd
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -59,7 +62,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-garage
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -77,7 +81,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-loki
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -95,7 +100,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-node-full
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -113,7 +119,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-node-short
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -131,7 +138,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-pods
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -149,7 +157,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-argocd
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -167,7 +176,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-blocky
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -185,7 +195,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-cert-manager
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -203,7 +214,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-cloudnative-pg
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -221,7 +233,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-descheduler
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -239,7 +252,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-external-dns
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -257,7 +271,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-external-secrets
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -275,7 +290,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-gatus
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -293,7 +309,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-operator
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -311,7 +328,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-harbor
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -329,7 +347,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-speedtest-exporter
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -347,7 +366,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-spegel
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -365,7 +385,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-traefik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -383,7 +404,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-tdarr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -401,7 +423,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-unpoller
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -419,7 +442,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-version-checker-internal
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -437,7 +461,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-version-checker
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -455,7 +480,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-volsync
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -473,7 +499,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-s3
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -491,7 +518,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -509,7 +537,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-gitea
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -527,7 +556,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-ntfy
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -545,7 +575,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-openbao
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -563,7 +594,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-qbittorrent
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -581,7 +613,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-vault
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -599,7 +632,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-unpackerr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -617,7 +651,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-airgradient
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -635,7 +670,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-server-power-consumption
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -653,7 +689,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-immich
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -671,7 +708,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-jellyfin
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -689,7 +727,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-navidrome
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -707,7 +746,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-radarr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -725,7 +765,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-servarr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -743,7 +784,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-sonarr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user