alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 8 Actions 1 Activity

Compare commits

base: alexlebens:tmp/secrets-5
Branches Tags
alexlebens:main alexlebens:tmp/secrets-5 alexlebens:renovate/major-unified-grimmory alexlebens:renovate/unified-ui alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-ntfy alexlebens:renovate/unified-cilium alexlebens:manifests
..
compare: alexlebens:270b97e7dfd71e97d0d1d64f1af8df74e3ecaf32
Branches Tags
alexlebens:tmp/secrets-5 alexlebens:renovate/major-unified-grimmory alexlebens:renovate/unified-ui alexlebens:renovate/major-unified-vault alexlebens:renovate/unified-stalwartlabs alexlebens:renovate/unified-gitea alexlebens:renovate/unified-ntfy alexlebens:renovate/unified-cilium alexlebens:main alexlebens:manifests

1 Commits
tmp/secret ... 270b97e7df

Author SHA1 Message Date
Renovate Bot
270b97e7df chore(deps): update komodo to v2
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 25s
Details
lint-test-helm / validate-kubeconform (pull_request) Successful in 16s
Details
render-manifests / render-manifests (pull_request) Has been skipped
Details
2026-03-24 18:20:44 +00:00
629 changed files with 7314 additions and 7824 deletions
Expand all files Collapse all files

BIN
.DS_Store vendored
View File

Binary file not shown.

258
.gitea/workflows/lint-test-helm.yaml
View File

@@ -16,8 +16,8 @@ on:
env: env:
CLUSTER: cl01tl CLUSTER: cl01tl
BASE_BRANCH: "origin/${{ github.base_ref }}" BASE_BRANCH: "origin/${{ github.base_ref }}"
# renovate: datasource=github-releases depName=yannh/kubeconform
KUBECONFORM_VERSION: "v0.6.7" KUBECONFORM_VERSION: "v0.6.7"
ARGOCD_VERSION: "v3.3.6"
jobs: jobs:
lint-helm: lint-helm:
@@ -102,7 +102,7 @@ jobs:
echo "" echo ""
echo "${CHANGED_CHARTS}" echo "${CHANGED_CHARTS}"
CHANGED_CHARTS_CSV=$(echo "${CHANGED_CHARTS}" | paste -sd ',' -) CHANGED_CHARTS_CSV=$(echo "$CHANGED_CHARTS" | paste -sd ',' -)
echo "" echo ""
echo "----" echo "----"
@@ -236,17 +236,7 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Cache Kubeconform
id: cache-kubeconform
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
with:
path: /usr/local/bin/kubeconform
key: ${{ runner.os }}-kubeconform-${{ env.KUBECONFORM_VERSION }}
restore-keys: |
${{ runner.os }}-kubeconform-
- name: Install Kubeconform - name: Install Kubeconform
if: steps.cache-kubeconform.outputs.cache-hit != 'true'
run: | run: |
echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..." echo ">> Downloading Kubeconform ${{ env.KUBECONFORM_VERSION }} ..."
wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz wget -q https://github.com/yannh/kubeconform/releases/download/${{ env.KUBECONFORM_VERSION }}/kubeconform-linux-amd64.tar.gz
@@ -259,8 +249,6 @@ jobs:
echo ">> Installing Kubeconform ..." echo ">> Installing Kubeconform ..."
sudo mv kubeconform /usr/local/bin/ sudo mv kubeconform /usr/local/bin/
- name: Verify installation
run: |
echo "" echo ""
echo ">> Verifying installation ..." echo ">> Verifying installation ..."
kubeconform -v kubeconform -v
@@ -336,7 +324,7 @@ jobs:
helm dependency build "${CHART_PATH}" --skip-refresh helm dependency build "${CHART_PATH}" --skip-refresh
if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor" | \ if ! helm template "${DIR}" "${CHART_PATH}" --include-crds --namespace default --api-versions "gateway.networking.k8s.io/v1/HTTPRoute" | \
kubeconform \ kubeconform \
${SCHEMA_LOCATIONS} \ ${SCHEMA_LOCATIONS} \
-ignore-missing-schemas \ -ignore-missing-schemas \
@@ -377,243 +365,3 @@ jobs:
icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png' icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]' actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
image: true image: true
# argo-diff:
# needs: lint-helm
# runs-on: ubuntu-js
# if: |
# needs.lint-helm.result == 'success' &&
# needs.lint-helm.outputs.changes-detected == 'true' &&
# github.event_name == 'pull_request'
# steps:
# - name: Checkout
# uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
# with:
# fetch-depth: 0
# - name: Cache ArgoCD CLI
# id: cache-argocd
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with:
# path: /usr/local/bin/argocd
# key: ${{ runner.os }}-argocd-${{ env.ARGOCD_VERSION }}
# restore-keys: |
# ${{ runner.os }}-argocd-
# - name: Install ArgoCD CLI
# if: steps.cache-argocd.outputs.cache-hit != 'true'
# run: |
# echo ">> Downloading ArgoCD CLI, version: ${{ env.ARGOCD_VERSION }} ..."
# curl -sSL -o argocd-linux-amd64 https://github.com/argoproj/argo-cd/releases/download/${{ env.ARGOCD_VERSION }}/argocd-linux-amd64
# echo ""
# echo ">> Installing ArgoCD CLI ..."
# sudo install -m 555 argocd-linux-amd64 /usr/local/bin/argocd
# echo ""
# echo "----"
# - name: Verify installation
# run: |
# echo ""
# echo ">> Verifying installation ..."
# argocd version --client
# echo ""
# echo "----"
# - name: Set Up Helm
# uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5
# with:
# token: ${{ secrets.GITEA_TOKEN }}
# # renovate: datasource=github-releases depName=helm/helm
# version: v4.1.3
# cache: true
# - name: Cache Helm Dependencies
# uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
# with:
# path: |
# ~/.cache/helm
# ~/.config/helm
# key: helm-cache-${{ runner.os }}-${{ hashFiles('infrastructure/clusters/cl01tl/helm/**/Chart.yaml', 'infrastructure/clusters/cl01tl/helm/**/Chart.lock') }}
# restore-keys: |
# helm-cache-${{ runner.os }}-
# - name: Add Repositories
# env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# echo ">> Adding repositories for chart dependencies ..."
# echo ""
# for DIR in ${CHANGED_CHARTS}; do
# helm dependency list --max-col-width 120 clusters/${CLUSTER}/helm/${DIR} 2> /dev/null \
# | tail -n +2 \
# | awk 'NF > 0 { print $1, $3 }' \
# | while read -r REPO_NAME REPO_URL; do
# if [[ "${REPO_URL}" == oci://* ]]; then
# echo ">> Ignoring OCI repo: ${REPO_URL}"
# elif [[ -n "${REPO_NAME}" && -n "${REPO_URL}" ]]; then
# helm repo add "${REPO_NAME}" "${REPO_URL}"
# fi
# done || true
# done
# if helm repo list > /dev/null 2>&1; then
# echo ""
# echo ">> Update repository cache ..."
# helm repo update
# fi
# echo ""
# echo "----"
# - name: Render Templates
# id: render
# env:
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Render templates for ${APP_NAME} ..."
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
# mkdir -p "${OUTPUT_FOLDER}"
# helm dependency build "${CHART_PATH}" --skip-refresh
# NAMESPACE="${APP_NAME}"
# case "${APP_NAME}" in
# "stack")
# NAMESPACE="argocd"
# echo ">> Special Rendering into 'argocd' namespace ..."
# ;;
# "cilium" | "coredns" | "metrics-server")
# NAMESPACE="kube-system"
# echo ">> Special Rendering for ${APP_NAME} into 'kube-system' namespace ..."
# ;;
# *)
# echo ">> Standard Rendering ..."
# esac
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
# # Format and split rendered template
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
# # Strip comments again to ensure formatting correctness
# for file in "$OUTPUT_FOLDER"/*; do
# yq -i '... comments=""' $file
# done
# echo ""
# echo ">> Templates in output folder: ${OUTPUT_FOLDER}"
# ls ${OUTPUT_FOLDER}
# done
# echo "----"
# - name: Run App Diff
# id: diff
# env:
# ARGOCD_SERVER: ${{ secrets.ARGOCD_SERVER }}
# ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_AUTH_TOKEN }}
# CHANGED_CHARTS: ${{ needs.lint-helm.outputs.chart-dir }}
# run: |
# FAILED_CHARTS=""
# DIFF_FOUND="false"
# EXIT_CODE=0
# for APP_NAME in ${CHANGED_CHARTS}; do
# echo ">> Running argocd app diff for ${APP_NAME} ..."
# if ! argocd app diff "${APP_NAME}" \
# --server "${ARGOCD_SERVER}" \
# --auth-token "${ARGOCD_AUTH_TOKEN}" \
# --revision ${{ github.sha }} \
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
# --local-repo-root "." \
# --grpc-web > "diff_output_${APP_NAME}.txt" 2>&1; then
# # ArgoCD diff returns non-zero on diff or error.
# # Let's capture if it actually generated a diff output to post.
# DIFF_FOUND="true"
# # Check if the output contains validation/connection errors
# if grep -iE 'error|failed|connection refused|timeout' "diff_output_${APP_NAME}.txt"; then
# echo ">> ArgoCD encountered an error validating ${APP_NAME}!"
# EXIT_CODE=1
# FAILED_CHARTS="${FAILED_CHARTS} ${APP_NAME}"
# fi
# fi
# if [ -s "diff_output_${APP_NAME}.txt" ]; then
# echo ">> Argo diff or errors:"
# echo ""
# cat diff_output_${APP_NAME}.txt
# echo ""
# else
# echo ">> No Argo diff found for ${APP_NAME}"
# rm "diff_output_${APP_NAME}.txt"
# fi
# done
# echo "----"
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
# exit $EXIT_CODE
# - name: Post Diff
# if: |
# always() &&
# steps.diff.outputs.diff-detected == 'true' &&
# github.event.pull_request.number != null
# env:
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
# run: |
# COMMENT_BODY="### ArgoCD Diff Results
# "
# for f in diff_output_*.txt; do
# APP_NAME=$(echo $f | sed 's/diff_output_//;s/.txt//')
# DIFF_CONTENT=$(cat "$f")
# COMMENT_BODY="${COMMENT_BODY}
# #### App: ${APP_NAME}
# "
# if [ -z "$DIFF_CONTENT" ]; then
# COMMENT_BODY="${COMMENT_BODY} No changes detected."
# else
# COMMENT_BODY="${COMMENT_BODY}
# \`\`\`diff
# ${DIFF_CONTENT}
# \`\`\`"
# fi
# done
# curl -X 'POST' \
# "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
# -H "Authorization: token ${GITEA_TOKEN}" \
# -H "Content-Type: application/json" \
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
# - name: ntfy Failed
# uses: niniyas/ntfy-action@96acac57fdc91d4c4f50b78486c1ed6f03f9f61c # master
# if: failure()
# with:
# url: '${{ secrets.NTFY_URL }}'
# topic: '${{ secrets.NTFY_TOPIC }}'
# title: 'ArgoCD Diff Failure'
# priority: 3
# headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
# tags: action,failed
# details: "ArgoCD diff for cluster '${{ env.CLUSTER }}' failed on charts: ${{ steps.diff.outputs.failed-charts }}"
# icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
# actions: '[{"action": "view", "label": "View Run", "url": "${{ vars.USER_URL }}/${{ github.repository }}/actions/runs/${{ github.run_id }}", "clear": true}]'
# image: true

8
.gitea/workflows/render-manifests.yaml
View File

@@ -50,7 +50,7 @@ jobs:
cache: true cache: true
- name: Configure Kubeconfig - name: Configure Kubeconfig
uses: azure/k8s-set-context@89b837d75b40a7bd2ddafde837473c212db8b313 # v5 uses: azure/k8s-set-context@ae59a723ba9abe7a9655538854a025448dbab4aa # v4
with: with:
method: kubeconfig method: kubeconfig
kubeconfig: ${{ secrets.KUBECONFIG }} kubeconfig: ${{ secrets.KUBECONFIG }}
@@ -273,7 +273,7 @@ jobs:
NAMESPACE="argocd" NAMESPACE="argocd"
echo ">> Special Rendering into 'argocd' namespace ..." echo ">> Special Rendering into 'argocd' namespace ..."
;; ;;
"cilium" | "coredns" | "metrics-server") "cilium" | "coredns" | "metrics-server" | "prometheus-operator-crds")
NAMESPACE="kube-system" NAMESPACE="kube-system"
echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..." echo ">> Special Rendering for ${CHART_NAME} into 'kube-system' namespace ..."
;; ;;
@@ -283,7 +283,7 @@ jobs:
echo ">> Formating rendered template ..." echo ">> Formating rendered template ..."
local TEMPLATE local TEMPLATE
TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor") TEMPLATE=$(helm template "${CHART_NAME}" ./ --namespace "${NAMESPACE}" --include-crds --dry-run=server --api-versions "gateway.networking.k8s.io/v1/HTTPRoute")
# Format and split rendered template # Format and split rendered template
echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"' echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
@@ -314,7 +314,7 @@ jobs:
for DIR in ${RENDER_DIR}; do for DIR in ${RENDER_DIR}; do
echo "${DIR}" echo "${DIR}"
done | xargs -P 5 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {} done | xargs -P 4 -I {} bash -c 'OUT=$(render_chart "$@" 2>&1); printf "%s\n" "$OUT"' _ {}
echo "" echo ""
echo "----" echo "----"

2
.gitea/workflows/renovate.yaml
View File

@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.138.2@sha256:79765b2442117d5c87e17456aa79ae54b4e0e2a4d9212a10508e233706375556 container: ghcr.io/renovatebot/renovate:43.89.2@sha256:a823bf9ff1f04c31d46267b78330e06f802dbf6e1af899e21c6a8e3197d45354
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

7
clusters/cl01tl/helm/actual/Chart.lock
View File

@@ -2,5 +2,8 @@ dependencies:
- name: app-template - name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d - name: volsync-target
generated: "2026-04-18T20:15:22.778699-05:00" repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
generated: "2026-03-06T01:04:41.514235218Z"

10
clusters/cl01tl/helm/actual/Chart.yaml
View File

@@ -18,10 +18,10 @@ dependencies:
alias: actual alias: actual
repository: https://bjw-s-labs.github.io/helm-charts/ repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2 version: 4.6.2
# - name: volsync-target - name: volsync-target
# alias: volsync-target-data alias: volsync-target-data
# version: 0.8.0 version: 0.8.0
# repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
# renovate: datasource=github-releases depName=actualbudget/actual # renovate: datasource=github-releases depName=actualbudget/actual
appVersion: 26.4.0 appVersion: 26.3.0

14
clusters/cl01tl/helm/actual/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

7
clusters/cl01tl/helm/actual/values.yaml
View File

@@ -8,14 +8,14 @@ actual:
main: main:
image: image:
repository: ghcr.io/actualbudget/actual repository: ghcr.io/actualbudget/actual
tag: 26.4.0@sha256:b0e732e2c41b3dc468a71548e88ef76d3f0c157fc43d15fa05d14ec1c5747e1e tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2
env: env:
- name: ACTUAL_PORT - name: ACTUAL_PORT
value: 5006 value: 5006
resources: resources:
requests: requests:
cpu: 10m cpu: 25m
memory: 50Mi memory: 64Mi
probes: probes:
liveness: liveness:
enabled: true enabled: true
@@ -39,6 +39,7 @@ actual:
http: http:
port: 80 port: 80
targetPort: 5006 targetPort: 5006
protocol: HTTP
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute

12
clusters/cl01tl/helm/argo-workflows/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: argo-workflows
repository: https://argoproj.github.io/argo-helm
version: 1.0.6
- name: argo-events
repository: https://argoproj.github.io/argo-helm
version: 2.4.21
- name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts
version: 7.10.0
digest: sha256:5635bfe609d8a901df257ef3e6cb469396a21bdd4c6f96e7e33f84036019c52b
generated: "2026-03-24T16:59:01.228848139Z"

32
clusters/cl01tl/helm/argo-workflows/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: argo-workflows
version: 1.0.0
description: Argo Workflows
keywords:
- argo-workflows
- argo-events
- workflows
- events
home: https://docs.alexlebens.dev/applications/argo-workflows/
sources:
- https://github.com/argoproj/argo-workflows
- https://github.com/argoproj/argo-events
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows
- https://github.com/argoproj/argo-helm/tree/main/charts/argo-events
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
maintainers:
- name: alexlebens
dependencies:
- name: argo-workflows
version: 1.0.6
repository: https://argoproj.github.io/argo-helm
- name: argo-events
version: 2.4.21
repository: https://argoproj.github.io/argo-helm
- name: postgres-cluster
alias: postgres-18-cluster
version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-workflows
appVersion: v4.0.3

22
clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,22 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argo-workflows-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argo-workflows-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret
remoteRef:
key: /authentik/oidc/argo-workflows
property: secret
- secretKey: client
remoteRef:
key: /authentik/oidc/argo-workflows
property: client

109
clusters/cl01tl/helm/argo-workflows/values.yaml Normal file
View File

@@ -0,0 +1,109 @@
argo-workflows:
crds:
install: true
keep: true
full: true
upgradeJob:
image:
repository: registry.k8s.io/kubectl
tag: v1.35.3
controller:
metricsConfig:
enabled: true
persistence:
postgresql:
host: argo-workflows-postgresql-18-cluster-rw
port: 5432
database: app
tableName: app
userNameSecret:
name: argo-workflows-postgresql-18-cluster-app
key: username
passwordSecret:
name: argo-workflows-postgresql-18-cluster-app
key: password
ssl: false
sslMode: disable
workflowWorkers: 2
workflowTTLWorkers: 2
podCleanupWorkers: 2
cronWorkflowWorkers: 2
resources:
requests:
cpu: 10m
memory: 32Mi
serviceMonitor:
enabled: true
workflowNamespaces:
- argo-workflows
server:
authModes:
- sso
httproute:
enabled: true
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- argo-workflows.alexlebens.net
rules:
- matches:
- path:
type: PathPrefix
value: /
sso:
enabled: true
issuer: https://authentik.alexlebens.net/application/o/argo-workflows/
clientId:
name: argo-workflows-oidc-secret
key: client
clientSecret:
name: argo-workflows-oidc-secret
key: secret
redirectUrl: https://argo-workflows.alexlebens.net/oauth2/callback
rbac:
enabled: false
scopes:
- openid
- email
- profile
argo-events:
crds:
install: true
keep: true
controller:
resources:
requests:
cpu: 10m
memory: 32Mi
metrics:
enabled: true
serviceMonitor:
enabled: true
webhook:
enabled: true
resources:
requests:
cpu: 10m
memory: 32Mi
postgres-18-cluster:
mode: recovery
recovery:
method: objectStore
objectStore:
index: 1
backup:
objectStore:
- name: garage-local
index: 1
destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true
scheduledBackups:
- name: live-backup
suspend: false
immediate: true
schedule: "0 0 14 * * *"
backupName: garage-local

6
clusters/cl01tl/helm/argocd/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: argo-cd - name: argo-cd
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
version: 9.5.2 version: 9.4.15
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e digest: sha256:a0eed2e174bb6b13d04653c755a359025b050d479a92180039a1990dd8ee7caa
generated: "2026-04-19T19:53:40.43789-05:00" generated: "2026-03-20T01:09:07.547016465Z"

4
clusters/cl01tl/helm/argocd/Chart.yaml
View File

@@ -13,8 +13,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: argo-cd - name: argo-cd
version: 9.5.2 version: 9.4.15
repository: https://argoproj.github.io/argo-helm repository: https://argoproj.github.io/argo-helm
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
# renovate: datasource=github-releases depName=argoproj/argo-cd # renovate: datasource=github-releases depName=argoproj/argo-cd
appVersion: v3.3.7 appVersion: v3.3.4

14
clusters/cl01tl/helm/argocd/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

52
clusters/cl01tl/helm/argocd/templates/external-secret.yaml
View File

@@ -1,40 +1,70 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-oidc-authentik name: argocd-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-oidc-authentik app.kubernetes.io/name: argocd-oidc-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/argocd key: /authentik/oidc/argocd
property: secret property: secret
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/argocd key: /authentik/oidc/argocd
property: client property: client
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: argocd-notifications-ntfy name: argocd-notifications-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: argocd-notifications-ntfy app.kubernetes.io/name: argocd-notifications-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: ntfy-token - secretKey: ntfy-token
remoteRef: remoteRef:
key: /cl01tl/ntfy/users/cl01tl key: /ntfy/user/cl01tl
property: token property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: argocd-gitea-repo-infrastructure-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: type
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: type
- secretKey: url
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: url
- secretKey: sshPrivateKey
remoteRef:
key: /cl01tl/argocd/credentials/repo/infrastructure
property: sshPrivateKey

82
clusters/cl01tl/helm/argocd/values.yaml
View File

@@ -13,8 +13,8 @@ argo-cd:
connectors: connectors:
- config: - config:
issuer: https://authentik.alexlebens.net/application/o/argocd/ issuer: https://authentik.alexlebens.net/application/o/argocd/
clientID: $argocd-oidc-authentik:client clientID: $argocd-oidc-secret:client
clientSecret: $argocd-oidc-authentik:secret clientSecret: $argocd-oidc-secret:secret
insecureEnableGroups: true insecureEnableGroups: true
scopes: scopes:
- openid - openid
@@ -34,7 +34,7 @@ argo-cd:
replicas: 1 replicas: 1
resources: resources:
requests: requests:
cpu: 100m cpu: 15m
memory: 1Gi memory: 1Gi
readinessProbe: readinessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -48,36 +48,36 @@ argo-cd:
enabled: true enabled: true
rules: rules:
enabled: true enabled: true
spec: spec:
- alert: ArgoAppMissing - alert: ArgoAppMissing
expr: | expr: |
absent(argocd_app_info) == 1 absent(argocd_app_info) == 1
for: 15m for: 15m
labels: labels:
severity: critical severity: critical
annotations: annotations:
summary: "[Argo CD] No reported applications" summary: "[Argo CD] No reported applications"
description: > description: >
Argo CD has not reported any applications data for the past 15 minutes which Argo CD has not reported any applications data for the past 15 minutes which
means that it must be down or not functioning properly. This needs to be means that it must be down or not functioning properly. This needs to be
resolved for this cloud to continue to maintain state. resolved for this cloud to continue to maintain state.
- alert: ArgoAppNotSynced - alert: ArgoAppNotSynced
expr: | expr: |
argocd_app_info{sync_status!="Synced"} == 1 argocd_app_info{sync_status!="Synced"} == 1
for: 12h for: 12h
labels: labels:
severity: warning severity: warning
annotations: annotations:
summary: "[{{`{{$labels.name}}`}}] Application not synchronized" summary: "[{{`{{$labels.name}}`}}] Application not synchronized"
description: > description: >
The application [{{`{{$labels.name}}`}} has not been synchronized for over The application [{{`{{$labels.name}}`}} has not been synchronized for over
12 hours which means that the state of this cloud has drifted away from the 12 hours which means that the state of this cloud has drifted away from the
state inside Git. state inside Git.
dex: dex:
enabled: true enabled: true
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 64Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
@@ -91,14 +91,14 @@ argo-cd:
enabled: true enabled: true
image: image:
repository: redis repository: redis
tag: 8.6.2-alpine@sha256:81b6f81d6a6c5b9019231a2e8eb10085e3a139a34f833dcc965a8a959b040b72 tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0
persistentVolume: persistentVolume:
enabled: true enabled: true
redis: redis:
resources: resources:
requests: requests:
cpu: 1000m cpu: 1000m
memory: 50Mi memory: 64Mi
haproxy: haproxy:
enabled: true enabled: true
image: image:
@@ -106,8 +106,8 @@ argo-cd:
tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e tag: 3.3.6-alpine@sha256:744be2dca649a44d490a4c565d36968d19482dd387f1bdd44c168f4322bc6b1e
resources: resources:
requests: requests:
cpu: 5m cpu: 10m
memory: 90Mi memory: 128Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -138,8 +138,8 @@ argo-cd:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 20m cpu: 10m
memory: 80Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -157,8 +157,8 @@ argo-cd:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 50Mi memory: 64Mi
readinessProbe: readinessProbe:
enabled: true enabled: true
failureThreshold: 3 failureThreshold: 3
@@ -182,7 +182,7 @@ argo-cd:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 50Mi memory: 64Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -205,7 +205,7 @@ argo-cd:
argocdUrl: https://argocd.alexlebens.net argocdUrl: https://argocd.alexlebens.net
secret: secret:
create: false create: false
name: argocd-notifications-ntfy name: argocd-notifications-secret
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -218,8 +218,8 @@ argo-cd:
value: Bearer $ntfy-token value: Bearer $ntfy-token
resources: resources:
requests: requests:
cpu: 2m cpu: 10m
memory: 50Mi memory: 64Mi
livenessProbe: livenessProbe:
enabled: true enabled: true
readinessProbe: readinessProbe:

2
clusters/cl01tl/helm/audiobookshelf/Chart.yaml
View File

@@ -32,4 +32,4 @@ dependencies:
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
# renovate: datasource=github-releases depName=advplyr/audiobookshelf # renovate: datasource=github-releases depName=advplyr/audiobookshelf
appVersion: 2.33.2 appVersion: 2.33.1

27
clusters/cl01tl/helm/audiobookshelf/templates/_helpers.tpl
View File

@@ -1,27 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.booksNfsName" -}}
audiobookshelf-books-nfs-storage
{{- end -}}
{{- define "custom.audiobooksNfsName" -}}
audiobookshelf-audiobooks-nfs-storage
{{- end -}}
{{- define "custom.podcastsNfsName" -}}
audiobookshelf-podcasts-nfs-storage
{{- end -}}

21
clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml
View File

@@ -1,23 +1,18 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: audiobookshelf-config-apprise name: audiobookshelf-apprise-config
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: audiobookshelf-config-apprise app.kubernetes.io/name: audiobookshelf-apprise-config
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
target:
template:
mergePolicy: Merge
engineVersion: v2
data:
ntfy-url: "{{ `{{ .endpoint }}` }}/audiobookshelf"
data: data:
- secretKey: endpoint - secretKey: ntfy-url
remoteRef: remoteRef:
key: /cl01tl/ntfy/users/cl01tl key: /cl01tl/audiobookshelf/apprise
property: internal-endpoint-credential property: ntfy-url

27
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.booksNfsName" . }} name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.booksNfsName" . }} app.kubernetes.io/name: audiobookshelf-books-nfs-storage
{{ include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.booksNfsName" . }} volumeName: audiobookshelf-books-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.audiobooksNfsName" . }} name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.audiobooksNfsName" . }} app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.audiobooksNfsName" . }} volumeName: audiobookshelf-audiobooks-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -37,13 +39,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.podcastsNfsName" . }} name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.podcastsNfsName" . }} app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.podcastsNfsName" . }} volumeName: audiobookshelf-podcasts-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

21
clusters/cl01tl/helm/audiobookshelf/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.booksNfsName" . }} name: audiobookshelf-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.booksNfsName" . }} app.kubernetes.io/name: audiobookshelf-books-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.audiobooksNfsName" . }} name: audiobookshelf-audiobooks-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.audiobooksNfsName" . }} app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -49,11 +51,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.podcastsNfsName" . }} name: audiobookshelf-podcasts-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.podcastsNfsName" . }} app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

8
clusters/cl01tl/helm/audiobookshelf/values.yaml
View File

@@ -12,13 +12,13 @@ audiobookshelf:
main: main:
image: image:
repository: ghcr.io/advplyr/audiobookshelf repository: ghcr.io/advplyr/audiobookshelf
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5 tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 200Mi memory: 200Mi
apprise-api: apprise-api:
image: image:
@@ -40,7 +40,7 @@ audiobookshelf:
- name: APPRISE_STATELESS_URLS - name: APPRISE_STATELESS_URLS
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: audiobookshelf-config-apprise name: audiobookshelf-apprise-config
key: ntfy-url key: ntfy-url
service: service:
main: main:
@@ -49,9 +49,11 @@ audiobookshelf:
http: http:
port: 80 port: 80
targetPort: 80 targetPort: 80
protocol: HTTP
apprise: apprise:
port: 8000 port: 8000
targetPort: 8000 targetPort: 8000
protocol: HTTP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:

12
clusters/cl01tl/helm/authentik/Chart.lock
View File

@@ -1,15 +1,15 @@
dependencies: dependencies:
- name: authentik - name: authentik
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
version: 2026.2.2 version: 2026.2.1
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.4.0
digest: sha256:22fe4d9ec592aa74cbff5596e8d900f607bd68ea14c7df70a94b4ef76727614d digest: sha256:8c353c5dad4c3d04d518c1445497f0d1cb64261a4201ae17a2c0874454b807a7
generated: "2026-04-13T20:32:12.748342469Z" generated: "2026-03-15T20:04:35.99407071Z"

8
clusters/cl01tl/helm/authentik/Chart.yaml
View File

@@ -18,18 +18,18 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: authentik - name: authentik
version: 2026.2.2 version: 2026.2.1
repository: https://charts.goauthentik.io/ repository: https://charts.goauthentik.io/
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0 version: 2.4.0
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/authentik.png
# renovate: datasource=github-releases depName=goauthentik/authentik # renovate: datasource=github-releases depName=goauthentik/authentik

14
clusters/cl01tl/helm/authentik/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

9
clusters/cl01tl/helm/authentik/templates/external-secret.yaml
View File

@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: authentik-key name: authentik-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: authentik-key app.kubernetes.io/name: authentik-key-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:

9
clusters/cl01tl/helm/authentik/templates/ingress.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: {{ .Release.Name }}-tailscale name: authentik-tailscale
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ .Release.Name }}-tailscale app.kubernetes.io/name: authentik-tailscale
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics tailscale.com/proxy-class: no-metrics
annotations: annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
@@ -25,4 +26,4 @@ spec:
service: service:
name: authentik-server name: authentik-server
port: port:
name: http number: 80

3
clusters/cl01tl/helm/authentik/templates/reference-grant.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: allow-outpost-cross-namespace-access app.kubernetes.io/name: allow-outpost-cross-namespace-access
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
from: from:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io

12
clusters/cl01tl/helm/authentik/values.yaml
View File

@@ -4,7 +4,7 @@ authentik:
- name: AUTHENTIK_SECRET_KEY - name: AUTHENTIK_SECRET_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: authentik-key name: authentik-key-secret
key: key key: key
- name: AUTHENTIK_POSTGRESQL__HOST - name: AUTHENTIK_POSTGRESQL__HOST
valueFrom: valueFrom:
@@ -33,7 +33,7 @@ authentik:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 20m cpu: 100m
memory: 700Mi memory: 700Mi
livenessProbe: livenessProbe:
failureThreshold: 3 failureThreshold: 3
@@ -66,8 +66,8 @@ authentik:
replicas: 2 replicas: 2
resources: resources:
requests: requests:
cpu: 80m cpu: 100m
memory: 650Mi memory: 512Mi
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -77,10 +77,6 @@ authentik:
enabled: true enabled: true
postgres-18-cluster: postgres-18-cluster:
mode: recovery mode: recovery
cluster:
resources:
requests:
memory: 150Mi
recovery: recovery:
method: objectStore method: objectStore
objectStore: objectStore:

24
clusters/cl01tl/helm/backrest/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
backrest-nfs-storage
{{- end -}}
{{- define "custom.shareNfsName" -}}
backrest-nfs-share
{{- end -}}

18
clusters/cl01tl/helm/backrest/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: backrest-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: backrest-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.storageNfsName" . }} volumeName: backrest-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.shareNfsName" . }} name: backrest-nfs-share
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.shareNfsName" . }} app.kubernetes.io/name: backrest-nfs-share
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.shareNfsName" . }} volumeName: backrest-nfs-share
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

14
clusters/cl01tl/helm/backrest/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: backrest-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: backrest-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.shareNfsName" . }} name: backrest-nfs-share
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.shareNfsName" . }} app.kubernetes.io/name: backrest-nfs-share
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

5
clusters/cl01tl/helm/backrest/values.yaml
View File

@@ -22,8 +22,8 @@ backrest:
value: /tmp value: /tmp
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 30Mi memory: 80Mi
service: service:
main: main:
controller: main controller: main
@@ -31,6 +31,7 @@ backrest:
http: http:
port: 80 port: 80
targetPort: 9898 targetPort: 9898
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:

7
clusters/cl01tl/helm/bazarr/Chart.yaml
View File

@@ -5,14 +5,11 @@ description: Bazarr
keywords: keywords:
- bazarr - bazarr
- subtitles - subtitles
- servarr
home: https://docs.alexlebens.dev/applications/bazarr/ home: https://docs.alexlebens.dev/applications/bazarr/
sources: sources:
- https://github.com/morpheus65535/bazarr - https://github.com/morpheus65535/bazarr
- https://github.com/linuxserver/docker-bazarr - https://github.com/linuxserver/docker-bazarr
- https://github.com/onedr0p/exportarr
- https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr - https://github.com/linuxserver/docker-bazarr/pkgs/container/bazarr
- https://github.com/onedr0p/exportarr/pkgs/container/exportarr
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
@@ -27,5 +24,5 @@ dependencies:
version: 0.8.0 version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/bazarr.png
# renovate: datasource=github-releases depName=linuxserver/docker-bazarr # renovate: datasource=github-releases depName=morpheus65535/bazarr
appVersion: v1.5.6-ls342 appVersion: 1.5.6

21
clusters/cl01tl/helm/bazarr/templates/_helpers.tpl
View File

@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
bazarr-nfs-storage
{{- end -}}

17
clusters/cl01tl/helm/bazarr/templates/external-secret.yaml
View File

@@ -1,17 +0,0 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: bazarr-key
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: bazarr-key
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: key
remoteRef:
key: /cl01tl/bazarr/key
property: key

9
clusters/cl01tl/helm/bazarr/templates/persistent-volume-claim.yaml
View File

@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: bazarr-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.storageNfsName" . }} volumeName: bazarr-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany

7
clusters/cl01tl/helm/bazarr/templates/persistent-volume.yaml
View File

@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: bazarr-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: bazarr-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client

39
clusters/cl01tl/helm/bazarr/values.yaml
View File

@@ -14,7 +14,7 @@ bazarr:
main: main:
image: image:
repository: ghcr.io/linuxserver/bazarr repository: ghcr.io/linuxserver/bazarr
tag: v1.5.6-ls342@sha256:9a631194c0dee21c85b5bff59e23610e1ae2f54594e922973949d271102e585e tag: 1.5.6@sha256:05f9d5b24884f37120453dc1a008a47be244eebec32099ae1bd29032e75b67aa
env: env:
- name: TZ - name: TZ
value: America/Chicago value: America/Chicago
@@ -25,26 +25,7 @@ bazarr:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 250Mi memory: 256Mi
metrics:
image:
repository: ghcr.io/onedr0p/exportarr
tag: v2.3.0@sha256:af535d94061cf97a52e1661945ffba78c03f9443eae7c0da1a80a5a4be56b520
args: ["bazarr"]
env:
- name: URL
value: http://localhost:6767
- name: PORT
value: 9792
- name: APIKEY
valueFrom:
secretKeyRef:
name: bazarr-key
key: key
- name: ENABLE_ADDITIONAL_METRICS
value: false
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
value: false
service: service:
main: main:
controller: main controller: main
@@ -52,21 +33,7 @@ bazarr:
http: http:
port: 80 port: 80
targetPort: 6767 targetPort: 6767
metrics: protocol: HTTP
port: 9792
targetPort: 9792
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: bazarr
app.kubernetes.io/instance: bazarr
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 3m
scrapeTimeout: 1m
path: /metrics
route: route:
main: main:
kind: HTTPRoute kind: HTTPRoute

6
clusters/cl01tl/helm/blocky/Chart.lock
View File

@@ -4,6 +4,6 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.4.0
digest: sha256:6ed3a7587906fbda581d0091ff2c29a1816b8b0b8ae40add9885e6a68b2b82ae digest: sha256:a5b0099261d772b24a302a106d106cfa82ac07fa14564141e00cf107d708e859
generated: "2026-04-13T20:32:34.844998902Z" generated: "2026-03-09T23:06:16.853255429Z"

2
clusters/cl01tl/helm/blocky/Chart.yaml
View File

@@ -20,7 +20,7 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/blocky.png
# renovate: datasource=github-releases depName=0xerr0r/blocky # renovate: datasource=github-releases depName=0xerr0r/blocky

14
clusters/cl01tl/helm/blocky/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

12
clusters/cl01tl/helm/blocky/values.yaml
View File

@@ -15,7 +15,7 @@ blocky:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 100Mi memory: 90Mi
configMaps: configMaps:
config: config:
enabled: true enabled: true
@@ -102,13 +102,14 @@ blocky:
;; Application Names ;; Application Names
actual IN CNAME traefik-cl01tl actual IN CNAME traefik-cl01tl
alertmanager IN CNAME traefik-cl01tl alertmanager IN CNAME traefik-cl01tl
argo-workflows IN CNAME traefik-cl01tl
argocd IN CNAME traefik-cl01tl argocd IN CNAME traefik-cl01tl
audiobookshelf IN CNAME traefik-cl01tl audiobookshelf IN CNAME traefik-cl01tl
authentik IN CNAME traefik-cl01tl authentik IN CNAME traefik-cl01tl
backrest IN CNAME traefik-cl01tl backrest IN CNAME traefik-cl01tl
bao IN CNAME traefik-cl01tl
bazarr IN CNAME traefik-cl01tl bazarr IN CNAME traefik-cl01tl
ceph IN CNAME traefik-cl01tl ceph IN CNAME traefik-cl01tl
code-server IN CNAME traefik-cl01tl
dawarich IN CNAME traefik-cl01tl dawarich IN CNAME traefik-cl01tl
directus IN CNAME traefik-cl01tl directus IN CNAME traefik-cl01tl
excalidraw IN CNAME traefik-cl01tl excalidraw IN CNAME traefik-cl01tl
@@ -136,16 +137,16 @@ blocky:
lidarr IN CNAME traefik-cl01tl lidarr IN CNAME traefik-cl01tl
mail IN CNAME traefik-cl01tl mail IN CNAME traefik-cl01tl
medialyze IN CNAME traefik-cl01tl medialyze IN CNAME traefik-cl01tl
movie-roulette IN CNAME traefik-cl01tl
music-grabber IN CNAME traefik-cl01tl music-grabber IN CNAME traefik-cl01tl
navidrome IN CNAME traefik-cl01tl navidrome IN CNAME traefik-cl01tl
ntfy IN CNAME traefik-cl01tl ntfy IN CNAME traefik-cl01tl
objects IN CNAME traefik-cl01tl objects IN CNAME traefik-cl01tl
ollama IN CNAME traefik-cl01tl ollama IN CNAME traefik-cl01tl
omni-tools IN CNAME traefik-cl01tl omni-tools IN CNAME traefik-cl01tl
paperless-ngx IN CNAME traefik-cl01tl photoview IN CNAME traefik-cl01tl
plex IN CNAME traefik-cl01tl plex IN CNAME traefik-cl01tl
postiz-spotlight IN CNAME traefik-cl01tl postiz IN CNAME traefik-cl01tl
postiz-temporal IN CNAME traefik-cl01tl
prometheus IN CNAME traefik-cl01tl prometheus IN CNAME traefik-cl01tl
prowlarr IN CNAME traefik-cl01tl prowlarr IN CNAME traefik-cl01tl
qbittorrent IN CNAME traefik-cl01tl qbittorrent IN CNAME traefik-cl01tl
@@ -161,7 +162,6 @@ blocky:
sonarr IN CNAME traefik-cl01tl sonarr IN CNAME traefik-cl01tl
sonarr-4k IN CNAME traefik-cl01tl sonarr-4k IN CNAME traefik-cl01tl
sonarr-anime IN CNAME traefik-cl01tl sonarr-anime IN CNAME traefik-cl01tl
sparkyfitness IN CNAME traefik-cl01tl
stalwart IN CNAME traefik-cl01tl stalwart IN CNAME traefik-cl01tl
tdarr IN CNAME traefik-cl01tl tdarr IN CNAME traefik-cl01tl
tubearchivist IN CNAME traefik-cl01tl tubearchivist IN CNAME traefik-cl01tl

6
clusters/cl01tl/helm/cert-manager/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cert-manager - name: cert-manager
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
version: v1.20.2 version: v1.20.0
digest: sha256:f218239b4538c64d57e098a56c69dcbc4e076ffcc3d320c5a5fef1e6309e38cf digest: sha256:1543bd17649cb32982de3cce017fcbed1b44c41d50b76c6471b266f33e261c29
generated: "2026-04-13T23:02:59.380767677Z" generated: "2026-03-10T16:06:49.332999536Z"

9
clusters/cl01tl/helm/cert-manager/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Cert Manager
keywords: keywords:
- cert-manager - cert-manager
- certificates - certificates
home: https://docs.alexlebens.dev/applications/cert-manager/ - kubernetes
home: https://wiki.alexlebens.dev/s/368fe718-eedb-40e0-a5a7-fad03cdc6b09
sources: sources:
- https://github.com/cert-manager/cert-manager - https://github.com/cert-manager/cert-manager
- https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager - https://github.com/cert-manager/cert-manager/tree/master/deploy/charts/cert-manager
@@ -13,8 +14,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cert-manager - name: cert-manager
version: v1.20.2 version: v1.20.0
repository: https://charts.jetstack.io repository: https://charts.jetstack.io
icon: https://raw.githubusercontent.com/cert-manager/cert-manager/refs/heads/master/logo/logo.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/cert-manager.png
# renovate: datasource=github-releases depName=cert-manager/cert-manager # renovate: datasource=github-releases depName=cert-manager/cert-manager
appVersion: v1.20.2 appVersion: v1.20.0

24
clusters/cl01tl/helm/cert-manager/templates/_helpers.tpl
View File

@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.cloudflareSecretName" -}}
cert-manager-cloudflare-api-token
{{- end -}}
{{- define "custom.cloudflareSecretKey" -}}
api-token
{{- end -}}

8
clusters/cl01tl/helm/cert-manager/templates/cluster-issuer.yaml
View File

@@ -2,10 +2,6 @@ apiVersion: cert-manager.io/v1
kind: ClusterIssuer kind: ClusterIssuer
metadata: metadata:
name: letsencrypt-issuer name: letsencrypt-issuer
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: letsencrypt-issuer
{{- include "custom.labels" . | nindent 4 }}
spec: spec:
acme: acme:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com
@@ -21,5 +17,5 @@ spec:
cloudflare: cloudflare:
email: alexanderlebens@gmail.com email: alexanderlebens@gmail.com
apiTokenSecretRef: apiTokenSecretRef:
name: {{ include "custom.cloudflareSecretName" . }} name: cloudflare-api-token
key: {{ include "custom.cloudflareSecretKey" . }} key: api-token

16
clusters/cl01tl/helm/cert-manager/templates/external-secret.yaml
View File

@@ -1,17 +1,21 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: {{ include "custom.cloudflareSecretName" . }} name: cloudflare-api-token
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.cloudflareSecretName" . }} app.kubernetes.io/name: cloudflare-api-token
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: {{ include "custom.cloudflareSecretKey" . }} - secretKey: api-token
remoteRef: remoteRef:
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate conversionStrategy: Default
decodingStrategy: None
key: /cloudflare/alexlebens.net/clusterissuer
metadataPolicy: None
property: token property: token

8
clusters/cl01tl/helm/cert-manager/values.yaml
View File

@@ -3,16 +3,10 @@ cert-manager:
enabled: true enabled: true
keep: true keep: true
replicaCount: 2 replicaCount: 2
podDisruptionBudget:
enabled: true
minAvailable: 1
extraArgs: extraArgs:
- --enable-gateway-api - --enable-gateway-api
resources:
requests:
cpu: 10m
memory: 64Mi
prometheus: prometheus:
enabled: true
servicemonitor: servicemonitor:
enabled: true enabled: true
honorLabels: true honorLabels: true

9
clusters/cl01tl/helm/cilium/Chart.yaml
View File

@@ -4,12 +4,13 @@ version: 1.0.0
description: Cilium description: Cilium
keywords: keywords:
- cilium - cilium
- operator - cni
- network - network
home: https://docs.alexlebens.dev/applications/cilium/ - kubernetes
home: https://wiki.alexlebens.dev/s/9e6f5b17-e186-4af0-81cd-af647b162d3d
sources: sources:
- https://github.com/cilium/cilium - https://github.com/cilium/cilium
- https://github.com/cilium/cilium/tree/main/install/kubernetes/cilium - https://github.com/cilium/charts
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -18,4 +19,4 @@ dependencies:
repository: https://helm.cilium.io/ repository: https://helm.cilium.io/
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/cilium.png
# renovate: datasource=github-releases depName=cilium/cilium # renovate: datasource=github-releases depName=cilium/cilium
appVersion: 1.18.6 appVersion: 1.19.2

14
clusters/cl01tl/helm/cilium/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

19
clusters/cl01tl/helm/cilium/templates/cilium-bgp-advertisement.yaml Normal file
View File

@@ -0,0 +1,19 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPAdvertisement
# metadata:
# name: cilium-bgp-advertisements
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp-advertisements
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# advertisements:
# - advertisementType: "Service"
# service:
# addresses:
# - ExternalIP
# - LoadBalancerIP
# selector:
# matchExpressions:
# - {key: somekey, operator: NotIn, values: ['never-used-value']}

22
clusters/cl01tl/helm/cilium/templates/cilium-bgp-cluster-config.yaml Normal file
View File

@@ -0,0 +1,22 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPClusterConfig
# metadata:
# name: cilium-bgp
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-bgp
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# nodeSelector:
# matchLabels:
# node-role.kubernetes.io/bgp: "65020"
# bgpInstances:
# - name: "65020"
# localASN: 65020
# peers:
# - name: "udm-65000"
# peerASN: 65000
# peerAddress: 192.168.1.1
# peerConfigRef:
# name: "cilium-peer"

23
clusters/cl01tl/helm/cilium/templates/cilium-bgp-peer-config.yaml Normal file
View File

@@ -0,0 +1,23 @@
# apiVersion: cilium.io/v2
# kind: CiliumBGPPeerConfig
# metadata:
# name: cilium-peer
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-peer
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# spec:
# timers:
# holdTimeSeconds: 9
# keepAliveTimeSeconds: 3
# ebgpMultihop: 4
# gracefulRestart:
# enabled: true
# restartTimeSeconds: 15
# families:
# - afi: ipv4
# safi: unicast
# advertisements:
# matchLabels:
# app.kubernetes.io/name: cilium-bgp-advertisements

6
clusters/cl01tl/helm/cilium/templates/cilium-load-balancer-ip-pool.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: default-ip-pool app.kubernetes.io/name: default-ip-pool
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
blocks: blocks:
- start: "10.232.1.21" - start: "10.232.1.21"
@@ -19,7 +20,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: bgp-ip-pool app.kubernetes.io/name: bgp-ip-pool
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
blocks: blocks:
- start: "10.232.2.100" - start: "10.232.2.100"

45
clusters/cl01tl/helm/cilium/templates/gateway.yaml Normal file
View File

@@ -0,0 +1,45 @@
# apiVersion: gateway.networking.k8s.io/v1
# kind: Gateway
# metadata:
# name: cilium-tls-gateway
# namespace: {{ .Release.Namespace }}
# labels:
# app.kubernetes.io/name: cilium-tls-gateway
# app.kubernetes.io/instance: {{ .Release.Name }}
# app.kubernetes.io/part-of: {{ .Release.Name }}
# annotations:
# cert-manager.io/cluster-issuer: letsencrypt-issuer
# spec:
# addresses:
# - type: IPAddress
# value: 10.232.1.23
# gatewayClassName: cilium
# listeners:
# - allowedRoutes:
# namespaces:
# from: All
# hostname: '*.alexlebens.net'
# name: https
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate
# - allowedRoutes:
# namespaces:
# from: All
# hostname: 'alexlebens.net'
# name: https-domain
# port: 443
# protocol: HTTPS
# tls:
# certificateRefs:
# - group: ''
# kind: Secret
# name: https-gateway-cert
# namespace: kube-system
# mode: Terminate

7
clusters/cl01tl/helm/cilium/templates/http-route.yaml
View File

@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: hubble app.kubernetes.io/name: hubble
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
@@ -20,6 +21,8 @@ spec:
type: PathPrefix type: PathPrefix
value: / value: /
backendRefs: backendRefs:
- kind: Service - group: ''
kind: Service
name: hubble-ui name: hubble-ui
port: 80 port: 80
weight: 100

28
clusters/cl01tl/helm/cilium/values.yaml
View File

@@ -25,24 +25,36 @@ cilium:
- NET_ADMIN - NET_ADMIN
- SYS_ADMIN - SYS_ADMIN
- SYS_RESOURCE - SYS_RESOURCE
l2announcements:
enabled: false
bgpControlPlane: bgpControlPlane:
enabled: false enabled: false
secretsNamespace:
name: kube-system
statusReport:
enabled: true
routerIDAllocation:
mode: "default"
bpf: bpf:
hostLegacyRouting: true hostLegacyRouting: true
devices: end0 enp6s0 devices: end0 enp6s0
ciliumEndpointSlice: ciliumEndpointSlice:
enabled: true enabled: true
ingressController:
enabled: false
gatewayAPI: gatewayAPI:
enabled: true enabled: true
enableAppProtocol: true
enableAlpn: true enableAlpn: true
secretsNamespace: enableAppProtocol: true
create: false gatewayClass:
name: kube-system create: auto
externalIPs:
enabled: true
socketLB: socketLB:
enabled: true enabled: true
hostNamespaceOnly: true hostNamespaceOnly: true
hubble: hubble:
enabled: true
metrics: metrics:
serviceMonitor: serviceMonitor:
enabled: true enabled: true
@@ -56,6 +68,8 @@ cilium:
enabled: true enabled: true
ui: ui:
enabled: true enabled: true
ingress:
enabled: false
ipam: ipam:
mode: "kubernetes" mode: "kubernetes"
ipv4: ipv4:
@@ -63,11 +77,12 @@ cilium:
ipv6: ipv6:
enabled: false enabled: false
kubeProxyReplacement: true kubeProxyReplacement: true
l7Proxy: true
prometheus: prometheus:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
enabled: true
trustCRDsExist: true trustCRDsExist: true
enabled: true
envoy: envoy:
enabled: true enabled: true
securityContext: securityContext:
@@ -79,11 +94,14 @@ cilium:
- PERFMON - PERFMON
- BPF - BPF
prometheus: prometheus:
enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
operator: operator:
enabled: true
rollOutPods: true rollOutPods: true
prometheus: prometheus:
enabled: true
serviceMonitor: serviceMonitor:
enabled: true enabled: true
cgroup: cgroup:

8
clusters/cl01tl/helm/cloudnative-pg/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: cloudnative-pg - name: cloudnative-pg
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
version: 0.28.0 version: 0.27.1
- name: plugin-barman-cloud - name: plugin-barman-cloud
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
version: 0.6.0 version: 0.5.0
digest: sha256:48241acb753e635a01b306b90cfbce13ed3c0105a33ec7d36f159e3a7fe607f3 digest: sha256:e7089ffd089cae87529e28f0e71302b9fc4a869b389cbb6628f1c559644a3a10
generated: "2026-04-14T09:03:10.332065288Z" generated: "2026-02-05T19:36:19.473447121Z"

13
clusters/cl01tl/helm/cloudnative-pg/Chart.yaml
View File

@@ -6,22 +6,21 @@ keywords:
- cloudnative-pg - cloudnative-pg
- operator - operator
- postgresql - postgresql
home: https://docs.alexlebens.dev/applications/cloudnative-pg/ - kubernetes
home: https://wiki.alexlebens.dev/s/9fb10833-0278-4e64-a34c-d348d833839f
sources: sources:
- https://github.com/cloudnative-pg/cloudnative-pg - https://github.com/cloudnative-pg/cloudnative-pg
- https://github.com/cloudnative-pg/plugin-barman-cloud
- https://github.com/cloudnative-pg/postgres-containers/pkgs/container/postgresql
- https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg - https://github.com/cloudnative-pg/charts/tree/main/charts/cloudnative-pg
- https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud - https://github.com/cloudnative-pg/charts/tree/main/charts/plugin-barman-cloud
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: cloudnative-pg - name: cloudnative-pg
version: 0.28.0 version: 0.27.1
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
- name: plugin-barman-cloud - name: plugin-barman-cloud
version: 0.6.0 version: 0.5.0
repository: https://cloudnative-pg.io/charts/ repository: https://cloudnative-pg.io/charts/
icon: https://raw.githubusercontent.com/cloudnative-pg/cloudnative-pg.github.io/refs/heads/main/assets/images/hero_image.png icon: https://avatars.githubusercontent.com/u/100373852?s=200&v=4
# renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg # renovate: datasource=github-releases depName=cloudnative-pg/cloudnative-pg
appVersion: 1.29.0 appVersion: 1.28.1

14
clusters/cl01tl/helm/cloudnative-pg/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

16
clusters/cl01tl/helm/cloudnative-pg/values.yaml
View File

@@ -1,16 +1,16 @@
cloudnative-pg: cloudnative-pg:
replicaCount: 2 replicaCount: 2
resources:
requests:
cpu: 10m
memory: 100Mi
monitoring: monitoring:
podMonitorEnabled: true podMonitorEnabled: true
plugin-barman-cloud: plugin-barman-cloud:
replicaCount: 1 replicaCount: 1
image:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud
tag: v0.11.0
sidecarImage:
registry: ghcr.io
repository: cloudnative-pg/plugin-barman-cloud-sidecar
tag: v0.11.0
crds: crds:
create: true create: true
resources:
requests:
cpu: 1m
memory: 20Mi

12
clusters/cl01tl/helm/code-server/Chart.lock Normal file
View File

@@ -0,0 +1,12 @@
dependencies:
- name: app-template
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:dee0f52096efc543f4db3a5dc2732fd37ae9b7950b264e399a6e74c2f3e7cee6
generated: "2026-03-09T22:04:00.58415637Z"

32
clusters/cl01tl/helm/code-server/Chart.yaml Normal file
View File

@@ -0,0 +1,32 @@
apiVersion: v2
name: code-server
version: 1.0.0
description: Code Server
keywords:
- code-server
- code
- ide
home: https://wiki.alexlebens.dev/s/233f96bb-db70-47e4-8b22-a8efcbb0f93d
sources:
- https://github.com/coder/code-server
- https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/linuxserver/code-server
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers:
- name: alexlebens
dependencies:
- name: app-template
alias: code-server
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
- name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts
version: 2.4.0
- name: volsync-target
alias: volsync-target-config
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/visual-studio-code.png
# renovate: datasource=github-releases depName=linuxserver/docker-code-server
appVersion: 4.108.1

28
clusters/cl01tl/helm/code-server/templates/external-secret.yaml Normal file
View File

@@ -0,0 +1,28 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: codeserver-password-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: codeserver-password-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: PASSWORD
- secretKey: SUDO_PASSWORD
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD

86
clusters/cl01tl/helm/code-server/values.yaml Normal file
View File

@@ -0,0 +1,86 @@
code-server:
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: ghcr.io/linuxserver/code-server
tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
pullPolicy: IfNotPresent
env:
- name: TZ
value: US/Central
- name: PUID
value: 1000
- name: PGID
value: 1000
- name: DEFAULT_WORKSPACE
value: /config
envFrom:
- secretRef:
name: codeserver-password-secret
resources:
requests:
cpu: 10m
memory: 128Mi
service:
main:
controller: main
ports:
http:
port: 8443
targetPort: 8443
protocol: HTTP
route:
main:
kind: HTTPRoute
parentRefs:
- group: gateway.networking.k8s.io
kind: Gateway
name: traefik-gateway
namespace: traefik
hostnames:
- code-server.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: code-server
port: 8443
weight: 100
matches:
- path:
type: PathPrefix
value: /
persistence:
config:
forceRename: code-server-config
storageClass: ceph-block
accessMode: ReadWriteOnce
size: 2Gi
retain: true
advancedMounts:
main:
main:
- path: /config
readOnly: false
volsync-target-config:
pvcTarget: code-server-config
moverSecurityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
local:
enabled: true
schedule: 16 8 * * *
remote:
enabled: true
schedule: 16 9 * * *
external:
enabled: true
schedule: 16 10 * * *

6
clusters/cl01tl/helm/coredns/Chart.yaml
View File

@@ -5,7 +5,9 @@ description: CoreDNS
keywords: keywords:
- coredns - coredns
- dns - dns
home: https://docs.alexlebens.dev/applications/coredns/ - network
- kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/coredns/coredns - https://github.com/coredns/coredns
- https://github.com/coredns/helm - https://github.com/coredns/helm
@@ -15,6 +17,6 @@ dependencies:
- name: coredns - name: coredns
version: 1.45.2 version: 1.45.2
repository: https://coredns.github.io/helm repository: https://coredns.github.io/helm
icon: https://raw.githubusercontent.com/coredns/coredns.io/refs/heads/master/static/images/favicon.png icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/coredns.png
# renovate: datasource=github-releases depName=coredns/coredns # renovate: datasource=github-releases depName=coredns/coredns
appVersion: v1.14.2 appVersion: v1.14.2

14
clusters/cl01tl/helm/coredns/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

34
clusters/cl01tl/helm/coredns/values.yaml
View File

@@ -1,18 +1,23 @@
coredns: coredns:
image: image:
repository: registry.k8s.io/coredns/coredns repository: registry.k8s.io/coredns/coredns
tag: v1.14.2@sha256:e7e6440cfd1e919280958f5b5a6ab2b184d385bba774c12ad2a9e1e4183f90d9 tag: v1.14.2
replicaCount: 3 replicaCount: 3
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 30m cpu: 50m
memory: 30Mi memory: 128Mi
rollingUpdate:
maxUnavailable: 1
maxSurge: 25%
terminationGracePeriodSeconds: 30
serviceType: "ClusterIP"
prometheus: prometheus:
service: service:
enabled: true enabled: true
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "9153"
monitor: monitor:
enabled: true enabled: true
namespace: kube-system namespace: kube-system
@@ -24,7 +29,18 @@ coredns:
serviceAccount: serviceAccount:
create: true create: true
name: coredns name: coredns
rbac:
create: true
isClusterService: true
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
drop:
- ALL
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
servers: servers:
- zones: - zones:
- zone: . - zone: .
@@ -61,8 +77,6 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.111.232.172 parameters: . 10.111.232.172
- zones: - zones:
@@ -74,8 +88,6 @@ coredns:
- name: errors - name: errors
- name: cache - name: cache
parameters: 30 parameters: 30
- name: prometheus
parameters: :9153
- name: forward - name: forward
parameters: . 10.97.20.219 parameters: . 10.97.20.219
nodeSelector: nodeSelector:
@@ -88,4 +100,6 @@ coredns:
operator: Exists operator: Exists
effect: NoSchedule effect: NoSchedule
deployment: deployment:
skipConfig: false
enabled: true
name: coredns name: coredns

17
clusters/cl01tl/helm/dawarich/Chart.lock
View File

@@ -4,18 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.4.0
- name: volsync-target digest: sha256:7584c2a1613454bbd83b66df46170fd0157df5186842844d483e2dd131398574
repository: oci://harbor.alexlebens.net/helm-charts generated: "2026-03-15T20:04:49.68456485Z"
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
- name: volsync-target
repository: oci://harbor.alexlebens.net/helm-charts
version: 0.8.0
digest: sha256:6ece439d5549b7d7ccd75053846bb9b2e8f9798a2e2163eac6f62bf5cf222587
generated: "2026-04-13T20:32:54.380897459Z"

24
clusters/cl01tl/helm/dawarich/Chart.yaml
View File

@@ -5,14 +5,10 @@ description: Dawarich
keywords: keywords:
- dawarich - dawarich
- location - location
home: https://docs.alexlebens.dev/applications/dawarich/ home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/Freika/dawarich - https://github.com/Freika/dawarich
- https://hub.docker.com/r/freikin/dawarich
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -22,24 +18,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-storage
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-public
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts
- name: volsync-target
alias: volsync-target-watched
version: 0.8.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/dawarich.png
# renovate: datasource=github-releases depName=Freika/dawarich # renovate: datasource=github-releases depName=Freika/dawarich
appVersion: 1.6.1 appVersion: 1.4.0

14
clusters/cl01tl/helm/dawarich/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

31
clusters/cl01tl/helm/dawarich/templates/external-secret.yaml
View File

@@ -1,40 +1,51 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-key name: dawarich-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-key app.kubernetes.io/name: dawarich-key-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/dawarich/key key: /cl01tl/dawarich/key
metadataPolicy: None
property: key property: key
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: dawarich-oidc-authentik app.kubernetes.io/name: dawarich-oidc-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: client - secretKey: client
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/dawarich conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: client property: client
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/dawarich conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/dawarich
metadataPolicy: None
property: secret property: secret

116
clusters/cl01tl/helm/dawarich/values.yaml
View File

@@ -4,20 +4,15 @@ dawarich:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429 tag: 1.4.0
command: pullPolicy: IfNotPresent
- "web-entrypoint.sh" command: ["web-entrypoint.sh"]
args: args: ["bin/rails", "server", "-p", "3000", "-b", "::"]
- "bin/rails"
- "server"
- "-p"
- "3000"
- "-b"
- "::"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -61,12 +56,12 @@ dawarich:
- name: OIDC_CLIENT_ID - name: OIDC_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
key: client key: client
- name: OIDC_CLIENT_SECRET - name: OIDC_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-oidc-authentik name: dawarich-oidc-secret
key: secret key: secret
- name: OIDC_PROVIDER_NAME - name: OIDC_PROVIDER_NAME
value: Authentik value: Authentik
@@ -81,7 +76,7 @@ dawarich:
- name: SECRET_KEY_BASE - name: SECRET_KEY_BASE
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: dawarich-key name: dawarich-key-secret
key: key key: key
- name: RAILS_LOG_TO_STDOUT - name: RAILS_LOG_TO_STDOUT
value: true value: true
@@ -91,14 +86,14 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: true enabled: false
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- /bin/sh - /bin/sh
- -c - -c
- "wget -qO - http://127.0.0.1:3000/api/v1/health | grep -q '\"status\"\\s*:\\s*\"ok\"'" - wget -qO - http://127.0.0.1:3000/api/v1/health | grep -Eq '\"status\"\\s*:\\s*\"ok\"'
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
@@ -106,16 +101,15 @@ dawarich:
timeoutSeconds: 10 timeoutSeconds: 10
resources: resources:
requests: requests:
cpu: 20m cpu: 10m
memory: 750Mi memory: 128Mi
sidekiq: sidekiq:
image: image:
repository: freikin/dawarich repository: freikin/dawarich
tag: 1.6.1@sha256:a884f69f19ce0f66992f3872d24544d1e587e133b8a003e072711aafc1e02429 tag: 1.4.0
command: pullPolicy: IfNotPresent
- "sidekiq-entrypoint.sh" command: ["sidekiq-entrypoint.sh"]
args: args: ["sidekiq"]
- "sidekiq"
env: env:
- name: RAILS_ENV - name: RAILS_ENV
value: production value: production
@@ -191,19 +185,23 @@ dawarich:
value: true value: true
probes: probes:
liveness: liveness:
enabled: true enabled: false
custom: true custom: true
spec: spec:
exec: exec:
command: command:
- pgrep - /bin/sh
- -f - -c
- sidekiq - pgrep -f sidekiq
failureThreshold: 5 failureThreshold: 5
initialDelaySeconds: 60 initialDelaySeconds: 60
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 10 timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 128Mi
service: service:
main: main:
controller: main controller: main
@@ -211,9 +209,11 @@ dawarich:
http: http:
port: 80 port: 80
targetPort: 3000 targetPort: 3000
protocol: TCP
metrics: metrics:
port: 9394 port: 9394
targetPort: 9394 targetPort: 9394
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:
@@ -238,8 +238,11 @@ dawarich:
- dawarich.alexlebens.net - dawarich.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: dawarich - group: ""
kind: Service
name: dawarich
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -250,6 +253,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -263,6 +267,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 5Gi size: 5Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -276,6 +281,7 @@ dawarich:
storageClass: ceph-block storageClass: ceph-block
accessMode: ReadWriteOnce accessMode: ReadWriteOnce
size: 1Gi size: 1Gi
retain: true
advancedMounts: advancedMounts:
main: main:
main: main:
@@ -307,42 +313,32 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 10 14 * * *" schedule: "0 10 14 * * *"
backupName: garage-local backupName: garage-local
volsync-target-storage: # - name: weekly-backup
pvcTarget: dawarich-storage # suspend: true
local: # immediate: true
enabled: true # schedule: "0 0 4 * * SAT"
schedule: 6 8 * * * # backupName: garage-remote
remote: # - name: daily-backup
enabled: true # suspend: true
schedule: 6 9 * * * # immediate: true
external: # schedule: "0 0 0 * * *"
enabled: true # backupName: external
schedule: 6 10 * * *
volsync-target-public:
pvcTarget: dawarich-public
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *
volsync-target-watched:
pvcTarget: dawarich-watched
local:
enabled: true
schedule: 8 8 * * *
remote:
enabled: true
schedule: 8 9 * * *
external:
enabled: true
schedule: 8 10 * * *

3
clusters/cl01tl/helm/democratic-csi-synology-iscsi/Chart.yaml
View File

@@ -5,7 +5,8 @@ description: Democratic CSI
keywords: keywords:
- democratic-csi-synology-iscsi - democratic-csi-synology-iscsi
- iscsi - iscsi
home: https://docs.alexlebens.dev/applications/democratic-csi-synology-iscsi/ - kubernetes
home: https://wiki.alexlebens.dev/s/0cc6ba65-024b-4489-952a-fc0f647fd099
sources: sources:
- https://github.com/democratic-csi/democratic-csi - https://github.com/democratic-csi/democratic-csi
- https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi - https://github.com/democratic-csi/charts/tree/master/stable/democratic-csi

14
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

12
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml
View File

@@ -1,17 +1,21 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: synology-iscsi-config name: synology-iscsi-config-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: synology-iscsi-config app.kubernetes.io/name: synology-iscsi-config-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: driver-config-file.yaml - secretKey: driver-config-file.yaml
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/democratic-csi-synology-iscsi/config key: /cl01tl/democratic-csi-synology-iscsi/config
metadataPolicy: None
property: driver-config-file.yaml property: driver-config-file.yaml

7
clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/namespace.yaml
View File

@@ -1,10 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: {{ .Release.Namespace }} name: democratic-csi-synology-iscsi
labels: labels:
app.kubernetes.io/name: {{ .Release.Namespace }} app.kubernetes.io/name: democratic-csi-synology-iscsi
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged pod-security.kubernetes.io/warn: privileged

34
clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml
View File

@@ -1,35 +1,15 @@
democratic-csi: democratic-csi:
driver: driver:
image: existingConfigSecret: synology-iscsi-config-secret
registry: ghcr.io/democratic-csi/democratic-csi
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
existingConfigSecret: synology-iscsi-config
config: config:
driver: synology-iscsi driver: synology-iscsi
resources:
requests:
cpu: 1m
memory: 128Mi
csiDriver: csiDriver:
name: "org.democratic-csi.iscsi-synology" name: "org.democratic-csi.iscsi-synology"
controller: controller:
replicaCount: 3 enabled: true
externalAttacher: rbac:
image: enabled: true
registry: registry.k8s.io/sig-storage/csi-attacher replicaCount: 2
tag: v4.11.0@sha256:b74b05b39501565022883fc128002b4cb857a7bb6c858606bcb3fdedba0b0b80
externalProvisioner:
image:
registry: registry.k8s.io/sig-storage/csi-provisioner
tag: v3.6.4@sha256:e7ad666f1d9b0caa077c7f0c157c9f87d1e73858390732496f66dcc716ff10c5
externalResizer:
image:
registry: registry.k8s.io/sig-storage/csi-resizer
tag: v1.9.4@sha256:522911ef68bd2c5c17d90fb2a6d2b2fb72ae790f2c1463a466b4262a07fdbf5a
externalSnapshotter:
image:
registry: registry.k8s.io/sig-storage/csi-snapshotter
tag: v8.5.0@sha256:da081c27e8a6d91f36042c1942362d0515ced8d06e18c11b8f893e58c4d6d797
storageClasses: storageClasses:
- name: synology-iscsi-delete - name: synology-iscsi-delete
defaultClass: false defaultClass: false
@@ -55,7 +35,3 @@ democratic-csi:
value: /usr/local/sbin/iscsiadm value: /usr/local/sbin/iscsiadm
iscsiDirHostPath: /var/iscsi iscsiDirHostPath: /var/iscsi
iscsiDirHostPathType: "" iscsiDirHostPathType: ""
driverRegistrar:
image:
registry: registry.k8s.io/sig-storage/csi-node-driver-registrar
tag: v2.16.0@sha256:ab482308a4921e28a6df09a16ab99a457e9af9641ff44fb1be1a690d07ce8b70

4
clusters/cl01tl/helm/descheduler/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Descheduler
keywords: keywords:
- descheduler - descheduler
- kube-scheduler - kube-scheduler
home: https://docs.alexlebens.dev/applications/descheduler/ - kubernetes
home: https://wiki.alexlebens.dev/s/0c38b7e4-4573-487c-82b0-4eeeb00e1276
sources: sources:
- https://github.com/kubernetes-sigs/descheduler - https://github.com/kubernetes-sigs/descheduler
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fdescheduler%2Fdescheduler
- https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler - https://github.com/kubernetes-sigs/descheduler/tree/master/charts/descheduler
maintainers: maintainers:
- name: alexlebens - name: alexlebens

14
clusters/cl01tl/helm/descheduler/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

44
clusters/cl01tl/helm/descheduler/values.yaml
View File

@@ -1,25 +1,27 @@
descheduler: descheduler:
image:
repository: registry.k8s.io/descheduler/descheduler
tag: v0.35.1@sha256:871d3b804390b0b8c7cb09d4e9b7856cf30e31f9e9e3d29562b0301a10453bb1
kind: Deployment kind: Deployment
resources: resources:
limits:
cpu: null
memory: null
requests: requests:
cpu: 10m cpu: 10m
memory: 50Mi memory: 64Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
deschedulingInterval: 5m deschedulingInterval: 5m
replicas: 3 replicas: 1
leaderElection: leaderElection:
enabled: true enabled: false
leaseDuration: 15s command:
renewDeadline: 10s - "/bin/descheduler"
retryPeriod: 2s cmdOptions:
resourceLock: "leases" v: 3
resourceName: "descheduler" deschedulerPolicyAPIVersion: "descheduler/v1alpha2"
resourceNamespace: "descheduler"
deschedulerPolicy: deschedulerPolicy:
profiles: profiles:
- name: default - name: default
@@ -51,13 +53,13 @@ descheduler:
- name: LowNodeUtilization - name: LowNodeUtilization
args: args:
thresholds: thresholds:
cpu: 20 cpu: 30
memory: 20 memory: 30
pods: 20 pods: 50
targetThresholds: targetThresholds:
cpu: 50 cpu: 60
memory: 50 memory: 40
pods: 60 pods: 80
plugins: plugins:
balance: balance:
enabled: enabled:

8
clusters/cl01tl/helm/directus/Chart.lock
View File

@@ -4,9 +4,9 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 7.11.2 version: 7.10.0
- name: valkey - name: valkey
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 0.6.1 version: 0.4.0
digest: sha256:78f5065d1125792c88e4d24f5ac1ee3d6310b4997f552020c44d0615335ea329 digest: sha256:dfcb5d35e03ecdc4206227d206d36509319f0dcdaed54363840d71337debb3f7
generated: "2026-04-13T20:33:13.909018545Z" generated: "2026-03-15T20:05:03.156596646Z"

16
clusters/cl01tl/helm/directus/Chart.yaml
View File

@@ -4,14 +4,16 @@ version: 1.0.0
description: Directus description: Directus
keywords: keywords:
- directus - directus
- content-management-system - cms
home: https://docs.alexlebens.dev/applications/directus/ home: https://wiki.alexlebens.dev/s/c2d242de-dcaa-4801-86a2-c4761dc8bf9b
sources: sources:
- https://github.com/directus/directus - https://github.com/directus/directus
- https://github.com/directus/directus/pkgs/container/directus - https://github.com/cloudflare/cloudflared
- https://github.com/cloudnative-pg/cloudnative-pg
- https://hub.docker.com/r/directus/directus
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
@@ -21,12 +23,12 @@ dependencies:
version: 4.6.2 version: 4.6.2
- name: postgres-cluster - name: postgres-cluster
alias: postgres-18-cluster alias: postgres-18-cluster
version: 7.11.2 version: 7.10.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
- name: valkey - name: valkey
alias: valkey alias: valkey
version: 0.6.1 version: 0.4.0
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/directus.png
# renovate: datasource=github-releases depName=directus/directus # renovate: datasource=github-releases depName=directus/directus
appVersion: 11.17.3 appVersion: 11.16.1

14
clusters/cl01tl/helm/directus/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

172
clusters/cl01tl/helm/directus/templates/external-secret.yaml
View File

@@ -5,28 +5,71 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-config app.kubernetes.io/name: directus-config
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key
remoteRef:
key: /cl01tl/directus/key
property: key
- secretKey: secret
remoteRef:
key: /cl01tl/directus/key
property: secret
- secretKey: admin-email - secretKey: admin-email
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: admin-email property: admin-email
- secretKey: admin-password - secretKey: admin-password
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config key: /cl01tl/directus/config
metadataPolicy: None
property: admin-password property: admin-password
- secretKey: secret
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: secret
- secretKey: key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/config
metadataPolicy: None
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/directus
metadataPolicy: None
property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -36,67 +79,21 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-metric-token app.kubernetes.io/name: directus-metric-token
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: metric-token - secretKey: metric-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/metrics key: /cl01tl/directus/metrics
metadataPolicy: None
property: metric-token property: metric-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: user
remoteRef:
key: /cl01tl/directus/valkey
property: user
- secretKey: password
remoteRef:
key: /cl01tl/directus/valkey
property: password
- secretKey: default
remoteRef:
key: /cl01tl/directus/valkey
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-oidc-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-authentik
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
key: /cl01tl/authentik/oidc/directus
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
key: /cl01tl/authentik/oidc/directus
property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -105,21 +102,68 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-bucket-garage app.kubernetes.io/name: directus-bucket-garage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_KEY_ID property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY - secretKey: ACCESS_SECRET_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_SECRET_KEY property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION - secretKey: ACCESS_REGION
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
metadataPolicy: None
property: ACCESS_REGION property: ACCESS_REGION
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: default
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password
- secretKey: user
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: user
- secretKey: password
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/directus/valkey
metadataPolicy: None
property: password

43
clusters/cl01tl/helm/directus/values.yaml
View File

@@ -4,11 +4,13 @@ directus:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
revisionHistoryLimit: 3
containers: containers:
main: main:
image: image:
repository: ghcr.io/directus/directus repository: directus/directus
tag: 11.17.3@sha256:ae6ab737fd04077d295bbefa545cc4aefccc206e3d0120c83812f9b482a8c9a5 tag: 11.16.1
pullPolicy: IfNotPresent
env: env:
- name: PUBLIC_URL - name: PUBLIC_URL
value: https://directus.alexlebens.net value: https://directus.alexlebens.net
@@ -113,12 +115,12 @@ directus:
- name: AUTH_AUTHENTIK_CLIENT_ID - name: AUTH_AUTHENTIK_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-oidc-authentik name: directus-oidc-secret
key: OIDC_CLIENT_ID key: OIDC_CLIENT_ID
- name: AUTH_AUTHENTIK_CLIENT_SECRET - name: AUTH_AUTHENTIK_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-oidc-authentik name: directus-oidc-secret
key: OIDC_CLIENT_SECRET key: OIDC_CLIENT_SECRET
- name: AUTH_AUTHENTIK_SCOPE - name: AUTH_AUTHENTIK_SCOPE
value: openid profile email value: openid profile email
@@ -142,7 +144,7 @@ directus:
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
memory: 300Mi memory: 256Mi
service: service:
main: main:
controller: main controller: main
@@ -150,6 +152,7 @@ directus:
http: http:
port: 80 port: 80
targetPort: 8055 targetPort: 8055
protocol: TCP
serviceMonitor: serviceMonitor:
main: main:
selector: selector:
@@ -177,8 +180,11 @@ directus:
- directus.alexlebens.net - directus.alexlebens.net
rules: rules:
- backendRefs: - backendRefs:
- name: directus - group: ''
kind: Service
name: directus
port: 80 port: 80
weight: 100
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix
@@ -196,12 +202,35 @@ postgres-18-cluster:
destinationBucket: postgres-backups destinationBucket: postgres-backups
externalSecretCredentialPath: /garage/home-infra/postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups
isWALArchiver: true isWALArchiver: true
# - name: garage-remote
# index: 1
# destinationBucket: postgres-backups
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# retentionPolicy: "90d"
# data:
# compression: bzip2
# - name: external
# index: 1
# endpointURL: https://nyc3.digitaloceanspaces.com
# destinationBucket: postgres-backups-ce540ddf106d186bbddca68a
# externalSecretCredentialPath: /garage/home-infra/postgres-backups
# isWALArchiver: false
scheduledBackups: scheduledBackups:
- name: live-backup - name: live-backup
suspend: false suspend: false
immediate: true immediate: true
schedule: "0 15 14 * * *" schedule: "0 15 14 * * *"
backupName: garage-local backupName: garage-local
# - name: weekly-backup
# suspend: true
# immediate: true
# schedule: "0 0 4 * * SAT"
# backupName: garage-remote
# - name: daily-backup
# suspend: true
# immediate: true
# schedule: "0 0 0 * * *"
# backupName: external
valkey: valkey:
valkey: valkey:
auth: auth:
@@ -210,7 +239,5 @@ valkey:
aclUsers: aclUsers:
default: default:
permissions: "~* &* +@all" permissions: "~* &* +@all"
# No option to configure metrics when auth is enabled
# https://github.com/valkey-io/valkey-helm/issues/135
metrics: metrics:
enabled: false enabled: false

6
clusters/cl01tl/helm/elastic-operator/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: eck-operator - name: eck-operator
repository: https://helm.elastic.co repository: https://helm.elastic.co
version: 3.3.2 version: 3.3.1
digest: sha256:ac7a849a6d8244ef56c11f18438c4c76133f92d245228c5a1c8369d42562c177 digest: sha256:8585f3ea3e4cafc4ff2969ea7e797017b7cfe4becb3385f0b080725908c02f09
generated: "2026-04-01T21:30:02.975920565Z" generated: "2026-02-25T18:48:55.77034549Z"

9
clusters/cl01tl/helm/elastic-operator/Chart.yaml
View File

@@ -6,7 +6,8 @@ keywords:
- elastic-operator - elastic-operator
- operator - operator
- elastic-search - elastic-search
home: https://docs.alexlebens.dev/applications/elastic-operator/ - kubernetes
home: https://wiki.alexlebens.dev/s/
sources: sources:
- https://github.com/elastic/cloud-on-k8s - https://github.com/elastic/cloud-on-k8s
- https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator - https://github.com/elastic/cloud-on-k8s/tree/main/deploy/eck-operator
@@ -14,8 +15,8 @@ maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: eck-operator - name: eck-operator
version: 3.3.2 version: 3.3.1
repository: https://helm.elastic.co repository: https://helm.elastic.co
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/elastic.png icon: https://helm.elastic.co/icons/eck.png
# renovate: datasource=github-releases depName=elastic/cloud-on-k8s # renovate: datasource=github-releases depName=elastic/cloud-on-k8s
appVersion: v3.3.2 appVersion: v3.3.1

14
clusters/cl01tl/helm/elastic-operator/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

9
clusters/cl01tl/helm/elastic-operator/values.yaml
View File

@@ -1,16 +1,9 @@
eck-operator: eck-operator:
managedNamespaces: managedNamespaces:
- stalwart
- tubearchivist - tubearchivist
- stalwart
installCRDs: true installCRDs: true
replicaCount: 2 replicaCount: 2
resources:
limits:
cpu: null
memory: null
requests:
cpu: 2m
memory: 50Mi
telemetry: telemetry:
disabled: true disabled: true
config: config:

8
clusters/cl01tl/helm/element-web/Chart.lock
View File

@@ -1,9 +1,9 @@
dependencies: dependencies:
- name: element-web - name: element-web
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
version: 1.4.34 version: 1.4.33
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0 version: 2.4.0
digest: sha256:8640b8a250bdcd9e7561e3d28538ccf4644a7159a035ee0a5fdbcf71dc5b2bbe digest: sha256:63b0e582d42fb42bcf4d96ba4b299e42c434c42f284208596808288543192fe0
generated: "2026-04-10T01:17:19.932208699Z" generated: "2026-03-24T16:11:50.424321433Z"

14
clusters/cl01tl/helm/element-web/Chart.yaml
View File

@@ -4,22 +4,24 @@ version: 1.0.0
description: Element Web description: Element Web
keywords: keywords:
- element-web - element-web
- matrix-chat - chat
home: https://docs.alexlebens.dev/applications/element-web/ - matrix
home: https://wiki.alexlebens.dev/s/e3b03481-1a1d-4b56-8cd9-e75a8dcc0f6c
sources: sources:
- https://github.com/element-hq/element-web - https://github.com/element-hq/element-web
- https://github.com/element-hq/element-web/pkgs/container/element-web - https://github.com/cloudflare/cloudflared
- https://hub.docker.com/r/vectorim/element-web
- https://gitlab.com/ananace/charts/-/tree/master/charts/element-web - https://gitlab.com/ananace/charts/-/tree/master/charts/element-web
- https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: element-web - name: element-web
version: 1.4.34 version: 1.4.33
repository: https://ananace.gitlab.io/charts repository: https://ananace.gitlab.io/charts
- name: cloudflared - name: cloudflared
repository: oci://harbor.alexlebens.net/helm-charts repository: oci://harbor.alexlebens.net/helm-charts
version: 2.5.0 version: 2.4.0
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/element.png
# renovate: datasource=github-releases depName=element-hq/element-web # renovate: datasource=github-releases depName=element-hq/element-web
appVersion: v1.12.15 appVersion: v1.12.13

14
clusters/cl01tl/helm/element-web/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

11
clusters/cl01tl/helm/element-web/values.yaml
View File

@@ -1,8 +1,9 @@
element-web: element-web:
replicaCount: 1 replicaCount: 1
image: image:
repository: ghcr.io/element-hq/element-web repository: vectorim/element-web
tag: v1.12.15@sha256:c7fa40b5ba3891f8af3ce63da0818f457c1802a9ee4d2f5e46a9df36a2388eed tag: v1.12.13
pullPolicy: IfNotPresent
defaultServer: defaultServer:
url: https://matrix.alexlebens.dev url: https://matrix.alexlebens.dev
name: alexlebens.dev name: alexlebens.dev
@@ -17,7 +18,9 @@ element-web:
immediate: true immediate: true
default_theme: dark default_theme: dark
default_country_code: US default_country_code: US
ingress:
enabled: false
resources: resources:
requests: requests:
cpu: 1m cpu: 10m
memory: 10Mi memory: 128Mi

7
clusters/cl01tl/helm/eraser/Chart.lock
View File

@@ -2,8 +2,5 @@ dependencies:
- name: eraser - name: eraser
repository: https://eraser-dev.github.io/eraser/charts repository: https://eraser-dev.github.io/eraser/charts
version: 1.4.1 version: 1.4.1
- name: app-template digest: sha256:da828de684b0cd82e99994586f3db4f55c43c01607c4d8d0e70e204c7bbbbf5b
repository: https://bjw-s-labs.github.io/helm-charts/ generated: "2025-12-03T22:53:20.200917773Z"
version: 4.6.2
digest: sha256:8414813d3d9d195b16ef7ebf814f7095a16413f4b0e579fcb37738000624f68c
generated: "2026-04-08T21:39:05.689756-05:00"

12
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -5,23 +5,17 @@ description: Eraser
keywords: keywords:
- eraser - eraser
- images - images
home: https://docs.alexlebens.dev/applications/eraser/ - kubernetes
home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377
sources: sources:
- https://github.com/eraser-dev/eraser - https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/open-telemetry/opentelemetry-collector-releases/pkgs/container/opentelemetry-collector-releases%2Fopentelemetry-collector
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser - https://github.com/eraser-dev/eraser/tree/main/charts/eraser
- https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template
maintainers: maintainers:
- name: alexlebens - name: alexlebens
dependencies: dependencies:
- name: eraser - name: eraser
version: 1.4.1 version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts repository: https://eraser-dev.github.io/eraser/charts
- name: app-template icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
alias: eraser-metrics
repository: https://bjw-s-labs.github.io/helm-charts/
version: 4.6.2
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
# renovate: datasource=github-releases depName=eraser-dev/eraser # renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1 appVersion: v1.4.1

14
clusters/cl01tl/helm/eraser/templates/_helpers.tpl
View File

@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}

131
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -1,119 +1,50 @@
eraser: eraser:
runtimeConfig: runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager: manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling: scheduling:
repeatInterval: 24h repeatInterval: 24h
beginImmediately: true beginImmediately: true
profile:
enabled: false
port: 6060
imageJob: imageJob:
successRatio: 1.0
cleanup: cleanup:
delayOnSuccess: 0s delayOnSuccess: 0s
delayOnFailure: 24h delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components: components:
collector: collector:
image: enabled: true
repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
request: request:
cpu: 1m cpu: 10m
memory: 20Mi memory: 128Mi
scanner: scanner:
enabled: false enabled: false
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
request: request:
cpu: 1m cpu: 100m
memory: 20Mi memory: 128Mi
config: ""
remover:
request:
cpu: 10m
memory: 128Mi
deploy: deploy:
image: securityContext:
repo: ghcr.io/eraser-dev/eraser-manager allowPrivilegeEscalation: false
tag: v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d
resources: resources:
limits:
memory: null
requests: requests:
cpu: 1m cpu: 10m
memory: 20Mi memory: 30Mi
eraser-metrics: nodeSelector:
global: kubernetes.io/os: linux
nameOverride: eraser-metrics
fullnameOverride: eraser-metrics
controllers:
main:
type: deployment
replicas: 1
strategy: Recreate
containers:
main:
image:
repository: ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector
tag: 0.150.1@sha256:618f7867e49fdb173d9b46d535b01f82254b0b14beac6ab1f6f2eb8cf62c5d42
command:
- /otelcol
- --config=/conf/otel-collector-config.yaml
resources:
requests:
cpu: 10m
memory: 20Mi
configMaps:
config:
enabled: true
forceRename: eraser-config
data:
otel-collector-config.yaml: |
receivers:
otlp:
protocols:
http:
exporters:
prometheus:
endpoint: "0.0.0.0:8889"
send_timestamps: true
metric_expiration: 180m
service:
telemetry:
logs:
encoding: json
pipelines:
metrics:
receivers:
- otlp
exporters:
- prometheus
service:
main:
controller: main
ports:
http:
port: 4318
targetPort: 4318
metrics:
port: 8889
targetPort: 8889
serviceMonitor:
main:
selector:
matchLabels:
app.kubernetes.io/name: eraser-metrics
app.kubernetes.io/instance: eraser-metrics
serviceName: '{{ include "bjw-s.common.lib.chart.names.fullname" $ }}'
endpoints:
- port: metrics
interval: 30s
scrapeTimeout: 15s
path: /metrics
persistence:
config:
enabled: true
type: configMap
name: eraser-config
advancedMounts:
main:
main:
- path: /conf/otel-collector-config.yaml
readOnly: true
mountPropagation: None
subPath: otel-collector-config.yaml

Some files were not shown because too many files have changed in this diff Show More