alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 5 Actions Activity

Compare commits

base: alexlebens:tmp/secrets-3
Branches Tags
alexlebens:main alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:auto/update-manifests alexlebens:tmp/secrets-3 alexlebens:manifests
..
compare: alexlebens:d305893789628b01fc6e88b04dba97126e64406c
Branches Tags
alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-gitea alexlebens:renovate/unified-cilium alexlebens:auto/update-manifests alexlebens:main alexlebens:tmp/secrets-3 alexlebens:manifests

1 Commits
tmp/secret ... d305893789

Author SHA1 Message Date
Alex Lebens
d305893789 feat: fix parameter
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 1m40s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 2m9s
Details
2026-04-19 16:33:08 -05:00
49 changed files with 288 additions and 285 deletions
Expand all files Collapse all files

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.132.1@sha256:2ccc5b1f0340593c40e1598547aa98feee4e521a0906a423fe0be0431a733dfa container: ghcr.io/renovatebot/renovate:43.132.0@sha256:fc54bbc724d1924fa72c331729eefb5acd1385a9ce30617b0264a7fb4b8878da
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.5.2 version: 9.5.1
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e digest: sha256:52a9bcfdc287dac30b8833cd34654b7e62c864aa3d23bda7644a8acf5f75eb78
generated: "2026-04-19T19:53:40.43789-05:00" generated: "2026-04-16T15:57:15.168206017Z"

14
clusters/cl01tl/helm/argocd/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "argocd.labels" -}}
{{ include "argocd.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "argocd.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

52
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -1,40 +1,70 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-oidc-authentik name: argocd-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-oidc-authentik app.kubernetes.io/name: argocd-oidc-secret
{{- include "argocd.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/argocd key: /authentik/oidc/argocd
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /cl01tk/authentik/oidc/argocd key: /authentik/oidc/argocd
property: client property: client
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-notifications-ntfy name: argocd-notifications-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-notifications-ntfy app.kubernetes.io/name: argocd-notifications-secret
{{- include "argocd.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: ntfy-token - secretKey: ntfy-token
remoteRef: remoteRef:
key: /cl01tl/ntfy/users/cl01tl key: /ntfy/user/cl01tl
property: token property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-gitea-repo-infrastructure-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: type
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: type
- secretKey: url
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: url
- secretKey: sshPrivateKey
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: sshPrivateKey

6
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -13,8 +13,8 @@ argo-cd:
connectors: connectors:
- config: - config:
issuer: https://authentik.alexlebens.net/application/o/argocd/ issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-authentik:client clientID: $argocd-oidc-secret:client
clientSecret: $argocd-oidc-authentik:secret clientSecret: $argocd-oidc-secret:secret
insecureEnableGroups: true insecureEnableGroups: true
scopes: scopes:
- openid - openid
@@ -205,7 +205,7 @@ argo-cd:
argocdUrl: https://argocd.alexlebens.net argocdUrl: https://argocd.alexlebens.net
secret: secret:
create: false create: false
name: argocd-notifications-ntfy name: argocd-notifications-secret
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf # renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.2 appVersion: 2.33.1

27
clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
View File

@@ -1,27 +0,0 @@
{{/*
Common labels
*/}}
{{- define "audiobookshelf.labels" -}}
{{ include "audiobookshelf.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "audiobookshelf.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "audiobookshelf.booksNfsName" -}}
audiobookshelf-books-nfs-storage
{{- end -}}
{{- define "audiobookshelf.audiobooksNfsName" -}}
audiobookshelf-audiobooks-nfs-storage
{{- end -}}
{{- define "audiobookshelf.podcastsNfsName" -}}
audiobookshelf-podcasts-nfs-storage
{{- end -}}

21
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,23 +1,18 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: audiobookshelf-config-apprise name: audiobookshelf-apprise-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-config-apprise app.kubernetes.io/name: audiobookshelf-apprise-config
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
ntfy-url: "{{ `{{ .internal-endpoint-credential }}` }}/audiobookshelf"
data: data:
- secretKey: internal-endpoint-credential - secretKey: ntfy-url
remoteRef: remoteRef:
key: /cl01tl/ntfy/users/cl01tl key: /cl01tl/audiobookshelf/apprise
property: internal-endpoint-credential property: ntfy-url

27
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "audiobookshelf.booksNfsName" . }} name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }} app.kubernetes.io/name: audiobookshelf-books-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "audiobookshelf.booksNfsName" . }} volumeName: audiobookshelf-books-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "audiobookshelf.audiobooksNfsName" . }} name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }} app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "audiobookshelf.audiobooksNfsName" . }} volumeName: audiobookshelf-audiobooks-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -37,13 +39,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "audiobookshelf.podcastsNfsName" . }} name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }} app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "audiobookshelf.podcastsNfsName" . }} volumeName: audiobookshelf-podcasts-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

21
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "audiobookshelf.booksNfsName" . }} name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.booksNfsName" . }} app.kubernetes.io/name: audiobookshelf-books-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "audiobookshelf.audiobooksNfsName" . }} name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.audiobooksNfsName" . }} app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -49,11 +51,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "audiobookshelf.podcastsNfsName" . }} name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "audiobookshelf.podcastsNfsName" . }} app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
{{- include "audiobookshelf.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

4
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -12,7 +12,7 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5 tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -40,7 +40,7 @@ audiobookshelf:
- name: APPRISE_STATELESS_URLS - name: APPRISE_STATELESS_URLS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: audiobookshelf-config-apprise name: audiobookshelf-apprise-config
key: ntfy-url key: ntfy-url
service: service:
main: main:

14
clusters/cl01tl/helm/authentik/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "authentik.labels" -}}
{{ include "authentik.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "authentik.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

9
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: authentik-key name: authentik-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: authentik-key app.kubernetes.io/name: authentik-key-secret
{{- include "authentik.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

7
clusters/cl01tl/helm/authentik/templates/ingress.yaml
View File

@@ -1,12 +1,13 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: {{ .Release.Name }}-tailscale name: authentik-tailscale
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ .Release.Name }}-tailscale app.kubernetes.io/name: authentik-tailscale
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics tailscale.com/proxy-class: no-metrics
{{- include "authentik.labels" . | nindent 4 }}
annotations: annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
spec: spec:

3
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access app.kubernetes.io/name: allow-outpost-cross-namespace-access
{{- include "authentik.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
from: from:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io

2
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -4,7 +4,7 @@ authentik:
- name: AUTHENTIK_SECRET_KEY - name: AUTHENTIK_SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: authentik-key name: authentik-key-secret
key: key key: key
- name: AUTHENTIK_POSTGRESQL__HOST - name: AUTHENTIK_POSTGRESQL__HOST
valueFrom: valueFrom:

24
clusters/cl01tl/helm/backrest/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "backrest.labels" -}}
{{ include "backrest.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "backrest.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "backrest.storageNfsName" -}}
backrest-nfs-storage
{{- end -}}
{{- define "backrest.shareNfsName" -}}
backrest-nfs-share
{{- end -}}

18
clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "backrest.storageNfsName" . }} name: backrest-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }} app.kubernetes.io/name: backrest-nfs-storage
{{- include "backrest.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "backrest.storageNfsName" . }} volumeName: backrest-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "backrest.shareNfsName" . }} name: backrest-nfs-share
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }} app.kubernetes.io/name: backrest-nfs-share
{{- include "backrest.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{- include "backrest.shareNfsName" . }} volumeName: backrest-nfs-share
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

14
clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "backrest.storageNfsName" . }} name: backrest-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "backrest.storageNfsName" . }} app.kubernetes.io/name: backrest-nfs-storage
{{- include "backrest.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "backrest.shareNfsName" . }} name: backrest-nfs-share
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "backrest.shareNfsName" . }} app.kubernetes.io/name: backrest-nfs-share
{{- include "backrest.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

21
clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
View File

@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "bazarr.labels" -}}
{{ include "bazarr.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "bazarr.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "bazarr.storageNfsName" -}}
bazarr-nfs-storage
{{- end -}}

9
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: bazarr-key name: bazarr-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bazarr-key app.kubernetes.io/name: bazarr-key-secret
{{- include "bazarr.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

9
clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{- include "bazarr.storageNfsName" . }} name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }} app.kubernetes.io/name: bazarr-nfs-storage
{{- include "bazarr.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ .Template.Name }} volumeName: bazarr-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

7
clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{- include "bazarr.storageNfsName" . }} name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "bazarr.storageNfsName" . }} app.kubernetes.io/name: bazarr-nfs-storage
{{- include "bazarr.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

2
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -39,7 +39,7 @@ bazarr:
- name: APIKEY - name: APIKEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: bazarr-key name: bazarr-key-secret
key: key key: key
- name: ENABLE_ADDITIONAL_METRICS - name: ENABLE_ADDITIONAL_METRICS
value: false value: false

24
clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "cert-manager.labels" -}}
{{ include "cert-manager.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cert-manager.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "cert-manager.cloudflareSecretName" -}}
cert-manager-cloudflare-api-token
{{- end -}}
{{- define "cert-manager.cloudflareSecretKey" -}}
api-token
{{- end -}}

7
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: letsencrypt-issuer app.kubernetes.io/name: letsencrypt-issuer
{{- include "cert-manager.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
acme: acme:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com
@@ -21,5 +22,5 @@ spec:
cloudflare: cloudflare:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com
apiTokenSecretRef: apiTokenSecretRef:
name: {{- include "cert-manager.cloudflareSecretName" . }} name: cloudflare-api-token
key: {{- include "cert-manager.cloudflareSecretKey" . }} key: api-token

13
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -1,17 +1,18 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: {{- include "cert-manager.cloudflareSecretName" . }} name: cloudflare-api-token
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{- include "cert-manager.cloudflareSecretName" . }} app.kubernetes.io/name: cloudflare-api-token
{{- include "cert-manager.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: {{- include "cert-manager.cloudflareSecretKey" . }} - secretKey: api-token
remoteRef: remoteRef:
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate key: /cloudflare/alexlebens.net/clusterissuer
property: token property: token

14
clusters/cl01tl/helm/cilium/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "cilium.labels" -}}
{{ include "cilium.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cilium.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

19
clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml Normal file
View File

@@ -0,0 +1,19 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPAdvertisement
# metadata:
# name: cilium-bgp-advertisements
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp-advertisements
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# advertisements:
# - advertisementType: "Service"
# service:
# addresses:
# - ExternalIP
# - LoadBalancerIP
# selector:
# matchExpressions:
# - {key: somekey, operator: NotIn, values: ['never-used-value']}

22
clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml Normal file
View File

@@ -0,0 +1,22 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPClusterConfig
# metadata:
# name: cilium-bgp
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchLabels:
# node-role.kubernetes.io/bgp: "65020"
# bgpInstances:
# - name: "65020"
# localASN: 65020
# peers:
# - name: "udm-65000"
# peerASN: 65000
# peerAddress: 192.168.1.1
# peerConfigRef:
# name: "cilium-peer"

23
clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml Normal file
View File

@@ -0,0 +1,23 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPPeerConfig
# metadata:
# name: cilium-peer
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-peer
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# timers:
# holdTimeSeconds: 9
# keepAliveTimeSeconds: 3
# ebgpMultihop: 4
# gracefulRestart:
# enabled: true
# restartTimeSeconds: 15
# families:
# - afi: ipv4
# safi: unicast
# advertisements:
# matchLabels:
# app.kubernetes.io/name: cilium-bgp-advertisements

6
clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: default-ip-pool app.kubernetes.io/name: default-ip-pool
{{- include "cilium.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
blocks: blocks:
- start: "10.232.1.21" - start: "10.232.1.21"
@@ -19,7 +20,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bgp-ip-pool app.kubernetes.io/name: bgp-ip-pool
{{- include "cilium.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
blocks: blocks:
- start: "10.232.2.100" - start: "10.232.2.100"

45
clusters/cl01tl/helm/cilium/templates/gateway.yaml Normal file
View File

@@ -0,0 +1,45 @@
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: cilium-tls-gateway
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# spec:
# addresses:
# - type: IPAddress
# value: 10.232.1.23
# gatewayClassName: cilium
# listeners:
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: https
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate
# - allowedRoutes:
# namespaces:
# from: All
# hostname: 'alexlebens.net'
# name: https-domain
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate

3
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: hubble app.kubernetes.io/name: hubble
{{- include "cilium.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io

14
clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "dawarich.labels" -}}
{{ include "dawarich.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dawarich.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

22
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-key name: dawarich-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-key app.kubernetes.io/name: dawarich-key-secret
{{- include "dawarich.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
@@ -20,21 +21,22 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-oidc-authentik app.kubernetes.io/name: dawarich-oidc-secret
{{- include "dawarich.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/dawarich key: /authentik/oidc/dawarich
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/dawarich key: /authentik/oidc/dawarich
property: secret property: secret

6
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -61,12 +61,12 @@ dawarich:
- name: OIDC_CLIENT_ID - name: OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
key: client key: client
- name: OIDC_CLIENT_SECRET - name: OIDC_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
key: secret key: secret
- name: OIDC_PROVIDER_NAME - name: OIDC_PROVIDER_NAME
value: Authentik value: Authentik
@@ -81,7 +81,7 @@ dawarich:
- name: SECRET_KEY_BASE - name: SECRET_KEY_BASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-key name: dawarich-key-secret
key: key key: key
- name: RAILS_LOG_TO_STDOUT - name: RAILS_LOG_TO_STDOUT
value: true value: true

2
clusters/cl01tl/helm/radarr-4k/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-4k.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr # renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls300 appVersion: 6.1.1.10360-ls299

2
clusters/cl01tl/helm/radarr-4k/values.yaml
View File

@@ -14,7 +14,7 @@ radarr-4k:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/radarr-anime/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr-anime.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr # renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls300 appVersion: 6.1.1.10360-ls299

2
clusters/cl01tl/helm/radarr-anime/values.yaml
View File

@@ -14,7 +14,7 @@ radarr-anime:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/radarr-standup/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr # renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls300 appVersion: 6.1.1.10360-ls299

2
clusters/cl01tl/helm/radarr-standup/values.yaml
View File

@@ -14,7 +14,7 @@ radarr-standup:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/radarr/Chart.yaml
View File

@@ -33,4 +33,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/radarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-radarr # renovate: datasource=github-releases depName=linuxserver/docker-radarr
appVersion: 6.1.1.10360-ls300 appVersion: 6.1.1.10360-ls299

2
clusters/cl01tl/helm/radarr/values.yaml
View File

@@ -14,7 +14,7 @@ radarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/radarr repository: ghcr.io/linuxserver/radarr
tag: 6.1.1.10360-ls300@sha256:b01097ad2d948c9f5eca39eb60bb529e2e55b0738c4bf7db09383bef0abab59d tag: 6.1.1.10360-ls299@sha256:6f1dda18354ea7f28cead8f6d099fc8222498c3ae165f567d504ed04d70980d7
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago

2
clusters/cl01tl/helm/site-documentation/values.yaml
View File

@@ -10,7 +10,7 @@ site-documentation:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-documentation repository: harbor.alexlebens.net/images/site-documentation
tag: 0.27.0@sha256:dafa3c8aa9401009c299bb274d140acc10d8531dd40c8253783b1f8ed8519d76 tag: 0.26.0@sha256:fbd3167788a75a637aef0be6ef32bef685ce4af59f45e955cc6eb57ed8b1fd87
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

2
clusters/cl01tl/helm/site-profile/values.yaml
View File

@@ -10,7 +10,7 @@ site-profile:
main: main:
image: image:
repository: harbor.alexlebens.net/images/site-profile repository: harbor.alexlebens.net/images/site-profile
tag: 3.18.5@sha256:2ad5cbbdbf1011f74c5fa804584236ffea266c37f046f837625af79a97bc0b56 tag: 3.18.4@sha256:3fb32ba981a059c1203c8716140bff20cc6484a90ec8694f8ac0604ac456c7f8
resources: resources:
requests: requests:
cpu: 10m cpu: 10m

10
clusters/cl01tl/helm/slskd/templates/secret-provider-class.yaml
View File

@@ -1,4 +1,4 @@
apiVersion: secrets-store.csi.x-k8s.io/v1 apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass kind: SecretProviderClass
metadata: metadata:
name: slskd-config-secret name: slskd-config-secret
@@ -8,12 +8,12 @@ metadata:
app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
provider: openbao provider: vault
parameters: parameters:
baoAddress: "http://openbao-internal.openbao:8200" vaultAddress: "http://openbao-internal.openbao:8200"
roleName: slskd roleName: slskd
objects: | objects: |
- objectName: slskd.yml - objectName: slskd-config-secret
fileName: slskd.yml fileName: slskd.yml
secretPath: secret/data/cl01tl/slskd/config secretPath: cl01tl/slskd/config
secretKey: slskd.yml secretKey: slskd.yml

4
clusters/cl01tl/helm/slskd/values.yaml
View File

@@ -48,8 +48,6 @@ slskd:
value: 1000 value: 1000
- name: SLSKD_UMASK - name: SLSKD_UMASK
value: 000 value: 000
- name: SLSKD_CONFIG
value: /config/slskd.yml
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
@@ -158,7 +156,7 @@ slskd:
advancedMounts: advancedMounts:
main: main:
main: main:
- path: /config/slskd.yml - path: /app/slskd.yml
readOnly: true readOnly: true
mountPropagation: None mountPropagation: None
subPath: slskd.yml subPath: slskd.yml