Compare commits
1 Commits
tmp/secret
...
fe15d057ff
| Author | SHA1 | Date | |
|---|---|---|---|
fe15d057ff
|
@@ -482,7 +482,6 @@ jobs:
|
||||
# echo ">> Render templates for ${APP_NAME} ..."
|
||||
# CHART_PATH="clusters/${CLUSTER}/helm/${APP_NAME}"
|
||||
# OUTPUT_FOLDER="clusters/${CLUSTER}/manifests/${APP_NAME}/"
|
||||
# mkdir -p "${OUTPUT_FOLDER}"
|
||||
|
||||
# helm dependency build "${CHART_PATH}" --skip-refresh
|
||||
|
||||
@@ -500,7 +499,7 @@ jobs:
|
||||
# echo ">> Standard Rendering ..."
|
||||
# esac
|
||||
|
||||
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
|
||||
# TEMPLATE=$(helm template "${APP_NAME}" "${CHART_PATH}" --include-crds --namespace "${NAMESPACE}" --include-crds --api-versions "gateway.networking.k8s.io/v1/HTTPRoute,monitoring.coreos.com/v1,monitoring.coreos.com/v1/ServiceMonitor")
|
||||
|
||||
# # Format and split rendered template
|
||||
# echo "${TEMPLATE}" | yq '... comments=""' | yq 'select(. != null)' | yq -s '"'"${OUTPUT_FOLDER}"'" + .kind + "-" + .metadata.name + ".yaml"'
|
||||
@@ -527,38 +526,29 @@ jobs:
|
||||
# run: |
|
||||
# FAILED_CHARTS=""
|
||||
# DIFF_FOUND="false"
|
||||
# EXIT_CODE=0
|
||||
|
||||
# for APP_NAME in ${CHANGED_CHARTS}; do
|
||||
# echo ">> Running argocd app diff for ${APP_NAME} ..."
|
||||
# if ! argocd app diff "${APP_NAME}" \
|
||||
# argocd app diff "${APP_NAME}" \
|
||||
# --server "${ARGOCD_SERVER}" \
|
||||
# --auth-token "${ARGOCD_AUTH_TOKEN}" \
|
||||
# --revision ${{ github.sha }} \
|
||||
# --revision ${{ gitea.sha }} \
|
||||
# --diff-exit-code 0 \
|
||||
# --local "clusters/${CLUSTER}/manifests/${APP_NAME}" \
|
||||
# --local-repo-root "." \
|
||||
# --grpc-web > "diff_output_${APP_NAME}.txt" 2>&1; then
|
||||
|
||||
# # ArgoCD diff returns non-zero on diff or error.
|
||||
# # Let's capture if it actually generated a diff output to post.
|
||||
# DIFF_FOUND="true"
|
||||
|
||||
# # Check if the output contains validation/connection errors
|
||||
# if grep -iE 'error|failed|connection refused|timeout' "diff_output_${APP_NAME}.txt"; then
|
||||
# echo ">> ArgoCD encountered an error validating ${APP_NAME}!"
|
||||
# EXIT_CODE=1
|
||||
# FAILED_CHARTS="${FAILED_CHARTS} ${APP_NAME}"
|
||||
# fi
|
||||
# fi
|
||||
# --grpc-web > "diff_output_${APP_NAME}.txt"
|
||||
|
||||
# if [ -s "diff_output_${APP_NAME}.txt" ]; then
|
||||
# echo ">> Argo diff or errors:"
|
||||
# echo ">> Argo diff:"
|
||||
# echo ""
|
||||
# cat diff_output_${APP_NAME}.txt
|
||||
# echo ""
|
||||
|
||||
# DIFF_FOUND="true"
|
||||
|
||||
# else
|
||||
# echo ">> No Argo diff found for ${APP_NAME}"
|
||||
# rm "diff_output_${APP_NAME}.txt"
|
||||
|
||||
# fi
|
||||
# done
|
||||
|
||||
@@ -566,13 +556,13 @@ jobs:
|
||||
# echo "diff-detected=${DIFF_FOUND}" >> "$GITHUB_OUTPUT"
|
||||
# echo "failed-charts=${FAILED_CHARTS}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
# exit $EXIT_CODE
|
||||
# exit $OVERALL_EXIT_CODE
|
||||
|
||||
# - name: Post Diff
|
||||
# if: |
|
||||
# always() &&
|
||||
# steps.diff.outputs.diff-detected == 'true' &&
|
||||
# github.event.pull_request.number != null
|
||||
# gitea.event.pull_request.number != null
|
||||
# env:
|
||||
# GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||
# run: |
|
||||
@@ -598,7 +588,7 @@ jobs:
|
||||
# done
|
||||
|
||||
# curl -X 'POST' \
|
||||
# "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments" \
|
||||
# "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/issues/${{ gitea.event.pull_request.number }}/comments" \
|
||||
# -H "Authorization: token ${GITEA_TOKEN}" \
|
||||
# -H "Content-Type: application/json" \
|
||||
# -d "$(jq -n --arg body "$COMMENT_BODY" '{body: $body}')"
|
||||
|
||||
@@ -13,7 +13,7 @@ on:
|
||||
jobs:
|
||||
renovate:
|
||||
runs-on: ubuntu-latest
|
||||
container: ghcr.io/renovatebot/renovate:43.138.2@sha256:79765b2442117d5c87e17456aa79ae54b4e0e2a4d9212a10508e233706375556
|
||||
container: ghcr.io/renovatebot/renovate:43.123.4@sha256:118803cb3c32cdc39ff654c18baabf30f214d4158873277a154ec815d85ceb1d
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
@@ -2,5 +2,8 @@ dependencies:
|
||||
- name: app-template
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
digest: sha256:1c04c187e6cf768117f7f91f3a3b082937ad5854c1cf6a681ad7c02687cd543d
|
||||
generated: "2026-04-18T20:15:22.778699-05:00"
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:ff81b3d8fc831e4b8048f646fffcf597aa7410e52ecf27690eab8104047dbe6f
|
||||
generated: "2026-03-06T01:04:41.514235218Z"
|
||||
|
||||
@@ -18,10 +18,10 @@ dependencies:
|
||||
alias: actual
|
||||
repository: https://bjw-s-labs.github.io/helm-charts/
|
||||
version: 4.6.2
|
||||
# - name: volsync-target
|
||||
# alias: volsync-target-data
|
||||
# version: 0.8.0
|
||||
# repository: oci://harbor.alexlebens.net/helm-charts
|
||||
- name: volsync-target
|
||||
alias: volsync-target-data
|
||||
version: 0.8.0
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/actual-budget.png
|
||||
# renovate: datasource=github-releases depName=actualbudget/actual
|
||||
appVersion: 26.4.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
version: 9.5.2
|
||||
digest: sha256:5d9e6405ee944bf94df6af247164ebb9b8899144853b9a7eafabe8606affe84e
|
||||
generated: "2026-04-19T19:53:40.43789-05:00"
|
||||
version: 9.5.0
|
||||
digest: sha256:69daada0822f796cd49eeda2d9e39dd5c0c42bb61b6898af68123c8c49f25fa1
|
||||
generated: "2026-04-08T22:05:49.003208408Z"
|
||||
|
||||
@@ -13,8 +13,8 @@ maintainers:
|
||||
- name: alexlebens
|
||||
dependencies:
|
||||
- name: argo-cd
|
||||
version: 9.5.2
|
||||
version: 9.5.0
|
||||
repository: https://argoproj.github.io/argo-helm
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/argo-cd.png
|
||||
# renovate: datasource=github-releases depName=argoproj/argo-cd
|
||||
appVersion: v3.3.7
|
||||
appVersion: v3.3.6
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,40 +1,70 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-oidc-authentik
|
||||
name: argocd-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: argocd-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/argocd
|
||||
key: /authentik/oidc/argocd
|
||||
property: secret
|
||||
- secretKey: client
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/argocd
|
||||
key: /authentik/oidc/argocd
|
||||
property: client
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-notifications-ntfy
|
||||
name: argocd-notifications-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-notifications-ntfy
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: argocd-notifications-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ntfy-token
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
key: /ntfy/user/cl01tl
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: argocd-gitea-repo-infrastructure-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: argocd-gitea-repo-infrastructure-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: type
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: type
|
||||
- secretKey: url
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: url
|
||||
- secretKey: sshPrivateKey
|
||||
remoteRef:
|
||||
key: /cl01tl/argocd/credentials/repo/infrastructure
|
||||
property: sshPrivateKey
|
||||
|
||||
@@ -13,8 +13,8 @@ argo-cd:
|
||||
connectors:
|
||||
- config:
|
||||
issuer: https://authentik.alexlebens.net/application/o/argocd/
|
||||
clientID: $argocd-oidc-authentik:client
|
||||
clientSecret: $argocd-oidc-authentik:secret
|
||||
clientID: $argocd-oidc-secret:client
|
||||
clientSecret: $argocd-oidc-secret:secret
|
||||
insecureEnableGroups: true
|
||||
scopes:
|
||||
- openid
|
||||
@@ -205,7 +205,7 @@ argo-cd:
|
||||
argocdUrl: https://argocd.alexlebens.net
|
||||
secret:
|
||||
create: false
|
||||
name: argocd-notifications-ntfy
|
||||
name: argocd-notifications-secret
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
|
||||
@@ -32,4 +32,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/audiobookshelf.png
|
||||
# renovate: datasource=github-releases depName=advplyr/audiobookshelf
|
||||
appVersion: 2.33.2
|
||||
appVersion: 2.33.1
|
||||
|
||||
@@ -1,27 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "custom.booksNfsName" -}}
|
||||
audiobookshelf-books-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "custom.audiobooksNfsName" -}}
|
||||
audiobookshelf-audiobooks-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "custom.podcastsNfsName" -}}
|
||||
audiobookshelf-podcasts-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -1,23 +1,18 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: audiobookshelf-config-apprise
|
||||
name: audiobookshelf-apprise-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: audiobookshelf-config-apprise
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: audiobookshelf-apprise-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
engineVersion: v2
|
||||
data:
|
||||
ntfy-url: "{{ `{{ .endpoint }}` }}/audiobookshelf"
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: endpoint
|
||||
- secretKey: ntfy-url
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
property: internal-endpoint-credential
|
||||
key: /cl01tl/audiobookshelf/apprise
|
||||
property: ntfy-url
|
||||
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.booksNfsName" . }}
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.booksNfsName" . }}
|
||||
{{ include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.booksNfsName" . }}
|
||||
volumeName: audiobookshelf-books-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -19,13 +20,14 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.audiobooksNfsName" . }}
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.audiobooksNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.audiobooksNfsName" . }}
|
||||
volumeName: audiobookshelf-audiobooks-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -37,13 +39,14 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.podcastsNfsName" . }}
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.podcastsNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.podcastsNfsName" . }}
|
||||
volumeName: audiobookshelf-podcasts-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.booksNfsName" . }}
|
||||
name: audiobookshelf-books-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.booksNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: audiobookshelf-books-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -25,11 +26,12 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.audiobooksNfsName" . }}
|
||||
name: audiobookshelf-audiobooks-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.audiobooksNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: audiobookshelf-audiobooks-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -49,11 +51,12 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.podcastsNfsName" . }}
|
||||
name: audiobookshelf-podcasts-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.podcastsNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: audiobookshelf-podcasts-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -12,7 +12,7 @@ audiobookshelf:
|
||||
main:
|
||||
image:
|
||||
repository: ghcr.io/advplyr/audiobookshelf
|
||||
tag: 2.33.2@sha256:a44ed89b3e845faa1f7d353f2cc89b2fcd8011737dd14075fa963cf9468da3a5
|
||||
tag: 2.33.1@sha256:a4a5841bba093d81e5f4ad1eaedb4da3fda6dbb2528c552349da50ad1f7ae708
|
||||
env:
|
||||
- name: TZ
|
||||
value: America/Chicago
|
||||
@@ -40,7 +40,7 @@ audiobookshelf:
|
||||
- name: APPRISE_STATELESS_URLS
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: audiobookshelf-config-apprise
|
||||
name: audiobookshelf-apprise-config
|
||||
key: ntfy-url
|
||||
service:
|
||||
main:
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,15 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: authentik-key
|
||||
name: authentik-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: authentik-key
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: authentik-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-tailscale
|
||||
name: authentik-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: authentik-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
@@ -25,4 +26,4 @@ spec:
|
||||
service:
|
||||
name: authentik-server
|
||||
port:
|
||||
name: http
|
||||
number: 80
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: allow-outpost-cross-namespace-access
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
from:
|
||||
- group: gateway.networking.k8s.io
|
||||
|
||||
@@ -4,7 +4,7 @@ authentik:
|
||||
- name: AUTHENTIK_SECRET_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: authentik-key
|
||||
name: authentik-key-secret
|
||||
key: key
|
||||
- name: AUTHENTIK_POSTGRESQL__HOST
|
||||
valueFrom:
|
||||
|
||||
@@ -1,24 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "custom.storageNfsName" -}}
|
||||
backrest-nfs-storage
|
||||
{{- end -}}
|
||||
{{- define "custom.shareNfsName" -}}
|
||||
backrest-nfs-share
|
||||
{{- end -}}
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.storageNfsName" . }}
|
||||
name: backrest-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: backrest-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.storageNfsName" . }}
|
||||
volumeName: backrest-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
@@ -19,13 +20,14 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.shareNfsName" . }}
|
||||
name: backrest-nfs-share
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.shareNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: backrest-nfs-share
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.shareNfsName" . }}
|
||||
volumeName: backrest-nfs-share
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.storageNfsName" . }}
|
||||
name: backrest-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: backrest-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
@@ -25,11 +26,12 @@ spec:
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.shareNfsName" . }}
|
||||
name: backrest-nfs-share
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.shareNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: backrest-nfs-share
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "custom.storageNfsName" -}}
|
||||
bazarr-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -1,15 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: bazarr-key
|
||||
name: bazarr-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bazarr-key
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: bazarr-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.storageNfsName" . }}
|
||||
name: bazarr-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: bazarr-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.storageNfsName" . }}
|
||||
volumeName: bazarr-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.storageNfsName" . }}
|
||||
name: bazarr-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: bazarr-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -39,7 +39,7 @@ bazarr:
|
||||
- name: APIKEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: bazarr-key
|
||||
name: bazarr-key-secret
|
||||
key: key
|
||||
- name: ENABLE_ADDITIONAL_METRICS
|
||||
value: false
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,24 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "custom.cloudflareSecretName" -}}
|
||||
cert-manager-cloudflare-api-token
|
||||
{{- end -}}
|
||||
{{- define "custom.cloudflareSecretKey" -}}
|
||||
api-token
|
||||
{{- end -}}
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: letsencrypt-issuer
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
acme:
|
||||
email: alexanderlebens@gmail.com
|
||||
@@ -21,5 +22,5 @@ spec:
|
||||
cloudflare:
|
||||
email: alexanderlebens@gmail.com
|
||||
apiTokenSecretRef:
|
||||
name: {{ include "custom.cloudflareSecretName" . }}
|
||||
key: {{ include "custom.cloudflareSecretKey" . }}
|
||||
name: cloudflare-api-token
|
||||
key: api-token
|
||||
|
||||
@@ -1,17 +1,18 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: {{ include "custom.cloudflareSecretName" . }}
|
||||
name: cloudflare-api-token
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.cloudflareSecretName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: cloudflare-api-token
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: {{ include "custom.cloudflareSecretKey" . }}
|
||||
- secretKey: api-token
|
||||
remoteRef:
|
||||
key: /cloudflare/alexlebens.net/cl01tl-issuer-certificate
|
||||
key: /cloudflare/alexlebens.net/clusterissuer
|
||||
property: token
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,19 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPAdvertisement
|
||||
# metadata:
|
||||
# name: cilium-bgp-advertisements
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-bgp-advertisements
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# advertisements:
|
||||
# - advertisementType: "Service"
|
||||
# service:
|
||||
# addresses:
|
||||
# - ExternalIP
|
||||
# - LoadBalancerIP
|
||||
# selector:
|
||||
# matchExpressions:
|
||||
# - {key: somekey, operator: NotIn, values: ['never-used-value']}
|
||||
@@ -0,0 +1,22 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPClusterConfig
|
||||
# metadata:
|
||||
# name: cilium-bgp
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-bgp
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# nodeSelector:
|
||||
# matchLabels:
|
||||
# node-role.kubernetes.io/bgp: "65020"
|
||||
# bgpInstances:
|
||||
# - name: "65020"
|
||||
# localASN: 65020
|
||||
# peers:
|
||||
# - name: "udm-65000"
|
||||
# peerASN: 65000
|
||||
# peerAddress: 192.168.1.1
|
||||
# peerConfigRef:
|
||||
# name: "cilium-peer"
|
||||
@@ -0,0 +1,23 @@
|
||||
# apiVersion: cilium.io/v2
|
||||
# kind: CiliumBGPPeerConfig
|
||||
# metadata:
|
||||
# name: cilium-peer
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-peer
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# spec:
|
||||
# timers:
|
||||
# holdTimeSeconds: 9
|
||||
# keepAliveTimeSeconds: 3
|
||||
# ebgpMultihop: 4
|
||||
# gracefulRestart:
|
||||
# enabled: true
|
||||
# restartTimeSeconds: 15
|
||||
# families:
|
||||
# - afi: ipv4
|
||||
# safi: unicast
|
||||
# advertisements:
|
||||
# matchLabels:
|
||||
# app.kubernetes.io/name: cilium-bgp-advertisements
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: default-ip-pool
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
blocks:
|
||||
- start: "10.232.1.21"
|
||||
@@ -19,7 +20,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: bgp-ip-pool
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
blocks:
|
||||
- start: "10.232.2.100"
|
||||
|
||||
45
clusters/cl01tl/helm/cilium/templates/gateway.yaml
Normal file
45
clusters/cl01tl/helm/cilium/templates/gateway.yaml
Normal file
@@ -0,0 +1,45 @@
|
||||
# apiVersion: gateway.networking.k8s.io/v1
|
||||
# kind: Gateway
|
||||
# metadata:
|
||||
# name: cilium-tls-gateway
|
||||
# namespace: {{ .Release.Namespace }}
|
||||
# labels:
|
||||
# app.kubernetes.io/name: cilium-tls-gateway
|
||||
# app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
# app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
# annotations:
|
||||
# cert-manager.io/cluster-issuer: letsencrypt-issuer
|
||||
# spec:
|
||||
# addresses:
|
||||
# - type: IPAddress
|
||||
# value: 10.232.1.23
|
||||
# gatewayClassName: cilium
|
||||
# listeners:
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: '*.alexlebens.net'
|
||||
# name: https
|
||||
# port: 443
|
||||
# protocol: HTTPS
|
||||
# tls:
|
||||
# certificateRefs:
|
||||
# - group: ''
|
||||
# kind: Secret
|
||||
# name: https-gateway-cert
|
||||
# namespace: kube-system
|
||||
# mode: Terminate
|
||||
# - allowedRoutes:
|
||||
# namespaces:
|
||||
# from: All
|
||||
# hostname: 'alexlebens.net'
|
||||
# name: https-domain
|
||||
# port: 443
|
||||
# protocol: HTTPS
|
||||
# tls:
|
||||
# certificateRefs:
|
||||
# - group: ''
|
||||
# kind: Secret
|
||||
# name: https-gateway-cert
|
||||
# namespace: kube-system
|
||||
# mode: Terminate
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: hubble
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
@@ -20,6 +21,8 @@ spec:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- kind: Service
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: hubble-ui
|
||||
port: 80
|
||||
weight: 100
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,15 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-key
|
||||
name: dawarich-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-key
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: dawarich-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
@@ -20,21 +21,22 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: dawarich-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: dawarich-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: client
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
key: /authentik/oidc/dawarich
|
||||
property: client
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/dawarich
|
||||
key: /authentik/oidc/dawarich
|
||||
property: secret
|
||||
|
||||
@@ -61,12 +61,12 @@ dawarich:
|
||||
- name: OIDC_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: client
|
||||
- name: OIDC_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-oidc-authentik
|
||||
name: dawarich-oidc-secret
|
||||
key: secret
|
||||
- name: OIDC_PROVIDER_NAME
|
||||
value: Authentik
|
||||
@@ -81,7 +81,7 @@ dawarich:
|
||||
- name: SECRET_KEY_BASE
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: dawarich-key
|
||||
name: dawarich-key-secret
|
||||
key: key
|
||||
- name: RAILS_LOG_TO_STDOUT
|
||||
value: true
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,15 +1,16 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: synology-iscsi-config
|
||||
name: synology-iscsi-config-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: synology-iscsi-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: synology-iscsi-config-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: driver-config-file.yaml
|
||||
remoteRef:
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Release.Namespace }}
|
||||
name: democratic-csi-synology-iscsi
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Namespace }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: democratic-csi-synology-iscsi
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
|
||||
@@ -3,7 +3,7 @@ democratic-csi:
|
||||
image:
|
||||
registry: ghcr.io/democratic-csi/democratic-csi
|
||||
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
|
||||
existingConfigSecret: synology-iscsi-config
|
||||
existingConfigSecret: synology-iscsi-config-secret
|
||||
config:
|
||||
driver: synology-iscsi
|
||||
resources:
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,7 @@ description: Directus
|
||||
keywords:
|
||||
- directus
|
||||
- content-management-system
|
||||
home: https://docs.alexlebens.dev/applications/directus/
|
||||
home: https://docs.alexlebens.dev/applications/descheduler/
|
||||
sources:
|
||||
- https://github.com/directus/directus
|
||||
- https://github.com/directus/directus/pkgs/container/directus
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,20 +5,13 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/key
|
||||
property: key
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/key
|
||||
property: secret
|
||||
- secretKey: admin-email
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
@@ -27,6 +20,38 @@ spec:
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: admin-password
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: secret
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/config
|
||||
property: key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /authentik/oidc/directus
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /authentik/oidc/directus
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
@@ -36,67 +61,18 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-metric-token
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: metric-token
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/metrics
|
||||
property: metric-token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-valkey-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-valkey-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: user
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: user
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
- secretKey: default
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/directus
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/directus
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
@@ -105,11 +81,12 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-bucket-garage
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
@@ -123,3 +100,31 @@ spec:
|
||||
remoteRef:
|
||||
key: /garage/home-infra/directus-assets
|
||||
property: ACCESS_REGION
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: directus-valkey-config
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: directus-valkey-config
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: default
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
- secretKey: user
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: user
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/directus/valkey
|
||||
property: password
|
||||
|
||||
@@ -113,12 +113,12 @@ directus:
|
||||
- name: AUTH_AUTHENTIK_CLIENT_ID
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-oidc-authentik
|
||||
name: directus-oidc-secret
|
||||
key: OIDC_CLIENT_ID
|
||||
- name: AUTH_AUTHENTIK_CLIENT_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: directus-oidc-authentik
|
||||
name: directus-oidc-secret
|
||||
key: OIDC_CLIENT_SECRET
|
||||
- name: AUTH_AUTHENTIK_SCOPE
|
||||
value: openid profile email
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,7 @@ description: Excalidraw
|
||||
keywords:
|
||||
- excalidraw
|
||||
- drawing
|
||||
home: https://docs.alexlebens.dev/applications/excalidraw/
|
||||
home: https://docs.alexlebens.dev/applications/eraser/
|
||||
sources:
|
||||
- https://github.com/excalidraw/excalidraw
|
||||
- https://hub.docker.com/r/excalidraw/excalidraw
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -8,7 +8,7 @@ excalidraw:
|
||||
main:
|
||||
image:
|
||||
repository: excalidraw/excalidraw
|
||||
tag: latest@sha256:20ffa04668e19616bb0c1b3632849e5cd96e0bc7a1336b73d9d072667f2c2854
|
||||
tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
|
||||
env:
|
||||
- name: NODE_ENV
|
||||
value: production
|
||||
|
||||
@@ -5,7 +5,7 @@ description: External DNS
|
||||
keywords:
|
||||
- external-dns
|
||||
- dns
|
||||
home: https://docs.alexlebens.dev/applications/external-dns/
|
||||
home: https://docs.alexlebens.dev/applications/eraser/
|
||||
sources:
|
||||
- https://github.com/kubernetes-sigs/external-dns
|
||||
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-device-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Unifi UDM
|
||||
@@ -47,7 +48,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: iot-device-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Airgradient
|
||||
@@ -80,18 +82,6 @@ spec:
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.100
|
||||
# HD Homerun
|
||||
- dnsName: dv01hr.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.72
|
||||
# Pi KVM
|
||||
- dnsName: dv02kv.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.71
|
||||
|
||||
---
|
||||
apiVersion: externaldns.k8s.io/v1alpha1
|
||||
@@ -101,7 +91,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: server-host-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Unifi Gateway
|
||||
@@ -134,18 +125,6 @@ spec:
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.232.1.52
|
||||
# Desktop
|
||||
- dnsName: pd05wd.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.115
|
||||
# Laptop
|
||||
- dnsName: pl02mc.alexlebens.net
|
||||
recordTTL: 180
|
||||
recordType: A
|
||||
targets:
|
||||
- 10.230.0.105
|
||||
|
||||
---
|
||||
apiVersion: externaldns.k8s.io/v1alpha1
|
||||
@@ -155,7 +134,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: cluster-service-names
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
endpoints:
|
||||
# Treafik Proxy
|
||||
|
||||
@@ -5,11 +5,12 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-dns-unifi-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: api-key
|
||||
remoteRef:
|
||||
|
||||
@@ -18,4 +18,4 @@ dependencies:
|
||||
repository: https://charts.external-secrets.io
|
||||
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
|
||||
# renovate: datasource=github-releases depName=external-secrets/external-secrets
|
||||
appVersion: v2.3.0
|
||||
appVersion: vv2.3.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,16 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: external-secrets
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: external-secrets
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:auth-delegator
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: vault
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
@@ -16,28 +17,3 @@ spec:
|
||||
namespace: vault
|
||||
name: vault-token
|
||||
key: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ClusterSecretStore
|
||||
metadata:
|
||||
name: openbao
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: openbao
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
provider:
|
||||
vault:
|
||||
server: http://openbao-internal.openbao:8200
|
||||
path: secret
|
||||
version: v2
|
||||
auth:
|
||||
kubernetes:
|
||||
mountPath: kubernetes
|
||||
role: external-secrets
|
||||
serviceAccountRef:
|
||||
name: {{ .Release.Name }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
audiences:
|
||||
- openbao
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
NFS names
|
||||
*/}}
|
||||
{{- define "custom.storageNfsName" -}}
|
||||
foldergram-pictures-collections-nfs-storage
|
||||
{{- end -}}
|
||||
@@ -1,13 +1,14 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
name: {{ include "custom.storageNfsName" . }}
|
||||
name: foldergram-pictures-collections-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeName: {{ include "custom.storageNfsName" . }}
|
||||
volumeName: foldergram-pictures-collections-nfs-storage
|
||||
storageClassName: nfs-client
|
||||
accessModes:
|
||||
- ReadWriteMany
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: v1
|
||||
kind: PersistentVolume
|
||||
metadata:
|
||||
name: {{ include "custom.storageNfsName" . }}
|
||||
name: foldergram-pictures-collections-nfs-storage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
persistentVolumeReclaimPolicy: Retain
|
||||
storageClassName: nfs-client
|
||||
|
||||
@@ -70,7 +70,7 @@ foldergram:
|
||||
forceRename: foldergram-data
|
||||
storageClass: synology-iscsi-delete
|
||||
accessMode: ReadWriteOnce
|
||||
size: 250Gi
|
||||
size: 150Gi
|
||||
advancedMounts:
|
||||
main:
|
||||
main:
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,52 +1,54 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-install-config
|
||||
name: freshrss-install-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-install-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: freshrss-install-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ADMIN_EMAIL
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-email
|
||||
property: ADMIN_EMAIL
|
||||
- secretKey: ADMIN_PASSWORD
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-password
|
||||
property: ADMIN_PASSWORD
|
||||
- secretKey: ADMIN_API_PASSWORD
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/config
|
||||
property: admin-api-password
|
||||
property: ADMIN_API_PASSWORD
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: freshrss-oidc-authentik
|
||||
name: freshrss-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: freshrss-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: freshrss-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/freshrss
|
||||
key: /authentik/oidc/freshrss
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/freshrss
|
||||
key: /authentik/oidc/freshrss
|
||||
property: secret
|
||||
- secretKey: OIDC_CLIENT_CRYPTO_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/freshrss/key
|
||||
property: oidc-client-crypto-key
|
||||
key: /authentik/oidc/freshrss
|
||||
property: crypto-key
|
||||
|
||||
@@ -73,9 +73,9 @@ freshrss:
|
||||
value: preferred_username
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: freshrss-oidc-authentik
|
||||
name: freshrss-oidc-secret
|
||||
- secretRef:
|
||||
name: freshrss-install-config
|
||||
name: freshrss-install-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 1m
|
||||
|
||||
@@ -21,4 +21,4 @@ dependencies:
|
||||
version: 4.6.2
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/garage.png
|
||||
# renovate: datasource=docker depName=dxflrs/garage
|
||||
appVersion: v2.3.0
|
||||
appVersion: v2.2.0
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,25 +1,26 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-token
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: garage-token-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: GARAGE_RPC_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: rpc-secret
|
||||
key: /cl01tl/garage/token
|
||||
property: rpc
|
||||
- secretKey: GARAGE_ADMIN_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: admin-token
|
||||
key: /cl01tl/garage/token
|
||||
property: admin
|
||||
- secretKey: GARAGE_METRICS_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/garage/config
|
||||
property: metrics-token
|
||||
key: /cl01tl/garage/token
|
||||
property: metric
|
||||
|
||||
@@ -6,7 +6,8 @@ metadata:
|
||||
labels:
|
||||
app.kubernetes.io/name: garage-main
|
||||
app.kubernetes.io/service: garage-main
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
ports:
|
||||
- name: admin
|
||||
@@ -26,6 +27,6 @@ spec:
|
||||
protocol: TCP
|
||||
targetPort: 3902
|
||||
selector:
|
||||
app.kubernetes.io/name: garage
|
||||
app.kubernetes.io/instance: garage
|
||||
app.kubernetes.io/name: garage
|
||||
garage-type: server
|
||||
|
||||
@@ -21,10 +21,10 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
@@ -50,10 +50,10 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
@@ -79,10 +79,10 @@ garage:
|
||||
main:
|
||||
image:
|
||||
repository: dxflrs/garage
|
||||
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
|
||||
tag: v2.2.0@sha256:45a61ce3f7c9c24fc23d9ed2b09b27ed560ab87b34605d175d5c588f539c24e4
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
@@ -104,7 +104,7 @@ garage:
|
||||
- name: API_ADMIN_KEY
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
key: GARAGE_ADMIN_TOKEN
|
||||
resources:
|
||||
requests:
|
||||
@@ -273,7 +273,7 @@ garage:
|
||||
scrapeTimeout: 2m
|
||||
path: /metrics
|
||||
bearerTokenSecret:
|
||||
name: garage-token
|
||||
name: garage-token-secret
|
||||
key: GARAGE_METRICS_TOKEN
|
||||
route:
|
||||
webui:
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,40 +1,42 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gatus-config
|
||||
name: gatus-config-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gatus-config-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: NTFY_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/ntfy/users/cl01tl
|
||||
key: /ntfy/user/cl01tl
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gatus-oidc-authentik
|
||||
name: gatus-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gatus-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: gatus-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: OIDC_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/gatus
|
||||
key: /authentik/oidc/gatus
|
||||
property: client
|
||||
- secretKey: OIDC_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/gatus
|
||||
key: /authentik/oidc/gatus
|
||||
property: secret
|
||||
|
||||
@@ -20,17 +20,17 @@ gatus:
|
||||
NTFY_TOKEN:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gatus-config
|
||||
name: gatus-config-secret
|
||||
key: NTFY_TOKEN
|
||||
OIDC_CLIENT_ID:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gatus-oidc-authentik
|
||||
name: gatus-oidc-secret
|
||||
key: OIDC_CLIENT_ID
|
||||
OIDC_CLIENT_SECRET:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gatus-oidc-authentik
|
||||
name: gatus-oidc-secret
|
||||
key: OIDC_CLIENT_SECRET
|
||||
POSTGRES_USER:
|
||||
valueFrom:
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,10 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Release.Namespace }}
|
||||
name: generic-device-plugin
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Namespace }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: generic-device-plugin
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
|
||||
@@ -4,10 +4,10 @@ dependencies:
|
||||
version: 12.5.3
|
||||
- name: actions
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 0.1.0
|
||||
version: 0.0.5
|
||||
- name: meilisearch
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
version: 0.32.0
|
||||
version: 0.31.0
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 2.5.0
|
||||
@@ -23,5 +23,5 @@ dependencies:
|
||||
- name: volsync-target
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
version: 0.8.0
|
||||
digest: sha256:2144d55ea34ba25bd81c1e479ee5cd27097fafb5676b96e63aa0e32ad2868925
|
||||
generated: "2026-04-16T20:09:26.031592859Z"
|
||||
digest: sha256:3b2cd7914718ca5857531c466deb3b7f88a49ce4d67484efcffac7e5accf5263
|
||||
generated: "2026-04-15T18:58:48.48174558Z"
|
||||
|
||||
@@ -31,9 +31,9 @@ dependencies:
|
||||
- name: actions
|
||||
alias: gitea-actions
|
||||
repository: https://dl.gitea.com/charts/
|
||||
version: 0.1.0
|
||||
version: 0.0.5
|
||||
- name: meilisearch
|
||||
version: 0.32.0
|
||||
version: 0.31.0
|
||||
repository: https://meilisearch.github.io/meilisearch-kubernetes
|
||||
- name: cloudflared
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
@@ -56,4 +56,4 @@ dependencies:
|
||||
repository: oci://harbor.alexlebens.net/helm-charts
|
||||
icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/gitea.png
|
||||
# renovate: datasource=github-releases depName=go-gitea/gitea
|
||||
appVersion: 1.26.0
|
||||
appVersion: 1.25.5
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-custom-templates
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
data:
|
||||
header.tmpl: |
|
||||
<script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script>
|
||||
|
||||
@@ -1,15 +1,64 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-admin-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-admin-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: username
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/auth/admin
|
||||
property: username
|
||||
- secretKey: password
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/auth/admin
|
||||
property: password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-oidc-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-oidc-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /authentik/oidc/gitea
|
||||
property: secret
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /authentik/oidc/gitea
|
||||
property: client
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-runner-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-runner-secret
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: token
|
||||
remoteRef:
|
||||
@@ -20,15 +69,80 @@ spec:
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-meilisearch-key
|
||||
name: gitea-renovate-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-meilisearch-key
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: gitea-renovate-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: RENOVATE_ENDPOINT
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: RENOVATE_ENDPOINT
|
||||
- secretKey: RENOVATE_GIT_AUTHOR
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: RENOVATE_GIT_AUTHOR
|
||||
- secretKey: RENOVATE_TOKEN
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: RENOVATE_TOKEN
|
||||
- secretKey: RENOVATE_GIT_PRIVATE_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: id_rsa
|
||||
- secretKey: RENOVATE_GITHUB_COM_TOKEN
|
||||
remoteRef:
|
||||
key: /github/gitea-cl01tl
|
||||
property: token
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-renovate-ssh-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-renovate-ssh-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: config
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: ssh_config
|
||||
- secretKey: id_rsa
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: id_rsa
|
||||
- secretKey: id_rsa.pub
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/renovate
|
||||
property: id_rsa.pub
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-meilisearch-master-key-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-meilisearch-master-key-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
target:
|
||||
template:
|
||||
mergePolicy: Merge
|
||||
@@ -39,27 +153,4 @@ spec:
|
||||
- secretKey: MEILI_MASTER_KEY
|
||||
remoteRef:
|
||||
key: /cl01tl/gitea/meilisearch
|
||||
property: master-key
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: gitea-oidc-authentik
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
data:
|
||||
- secretKey: secret
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/gitea
|
||||
property: secret
|
||||
- secretKey: key
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/gitea
|
||||
property: client
|
||||
property: MEILI_MASTER_KEY
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
@@ -20,6 +21,8 @@ spec:
|
||||
type: PathPrefix
|
||||
value: /
|
||||
backendRefs:
|
||||
- kind: Service
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: gitea-http
|
||||
port: 3000
|
||||
weight: 100
|
||||
|
||||
@@ -1,11 +1,12 @@
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-tailscale
|
||||
name: gitea-tailscale
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Name }}-tailscale
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: gitea-tailscale
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
tailscale.com/proxy-class: no-metrics
|
||||
annotations:
|
||||
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
|
||||
@@ -20,7 +21,7 @@ spec:
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: gitea-http
|
||||
|
||||
@@ -1,10 +1,11 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: {{ .Release.Namespace }}
|
||||
name: gitea
|
||||
labels:
|
||||
app.kubernetes.io/name: {{ .Release.Namespace }}
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: gitea
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
pod-security.kubernetes.io/audit: privileged
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
pod-security.kubernetes.io/warn: privileged
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-themes-storage
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
volumeMode: Filesystem
|
||||
storageClassName: ceph-filesystem
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: gitea-ssh
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
parentRefs:
|
||||
- group: gateway.networking.k8s.io
|
||||
@@ -15,6 +16,8 @@ spec:
|
||||
sectionName: ssh
|
||||
rules:
|
||||
- backendRefs:
|
||||
- kind: Service
|
||||
- group: ''
|
||||
kind: Service
|
||||
name: gitea-ssh
|
||||
port: 22
|
||||
weight: 100
|
||||
|
||||
@@ -59,7 +59,7 @@ gitea:
|
||||
oauth:
|
||||
- name: Authentik
|
||||
provider: openidConnect
|
||||
existingSecret: gitea-oidc-authentik
|
||||
existingSecret: gitea-oidc-secret
|
||||
autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
|
||||
iconUrl: https://goauthentik.io/img/icon.png
|
||||
scopes: "email profile"
|
||||
@@ -137,7 +137,7 @@ gitea:
|
||||
- name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: gitea-meilisearch-key
|
||||
name: gitea-meilisearch-master-key-secret
|
||||
key: ISSUE_INDEXER_CONN_STR
|
||||
valkey-cluster:
|
||||
enabled: false
|
||||
@@ -194,7 +194,7 @@ gitea-actions:
|
||||
registry: docker.io
|
||||
repository: gitea/act_runner
|
||||
# renovate: datasource=docker depName=gitea/act_runner
|
||||
tag: 0.4.1@sha256:696a59b51ad3d149521e3beb0229d5fb88f87295e1616f940199793274415b56
|
||||
tag: 0.3.1@sha256:c2a169c5e99864c25e32527cef3d82203225e09558773022bf3dc164a2e6d762
|
||||
extraVolumeMounts:
|
||||
- name: workspace-vol
|
||||
mountPath: /workspace
|
||||
@@ -235,7 +235,7 @@ meilisearch:
|
||||
MEILI_ENV: production
|
||||
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
|
||||
auth:
|
||||
existingMasterKeySecret: gitea-meilisearch-key
|
||||
existingMasterKeySecret: gitea-meilisearch-master-key-secret
|
||||
persistence:
|
||||
enabled: true
|
||||
storageClass: ceph-block
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "custom.labels" -}}
|
||||
{{ include "custom.selectorLabels" $ }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "custom.selectorLabels" -}}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
@@ -1,44 +1,98 @@
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-config
|
||||
name: grafana-auth-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-config
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: grafana-auth-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: admin-user
|
||||
remoteRef:
|
||||
key: /cl01tl/grafana/config
|
||||
key: /cl01tl/grafana/auth
|
||||
property: admin-user
|
||||
- secretKey: admin-password
|
||||
remoteRef:
|
||||
key: /cl01tl/grafana/config
|
||||
key: /cl01tl/grafana/auth
|
||||
property: admin-password
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-oidc-authentik
|
||||
name: grafana-oauth-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-oidc-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/name: grafana-oauth-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: openbao
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: AUTH_CLIENT_ID
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/grafana
|
||||
key: /authentik/oidc/grafana
|
||||
property: client
|
||||
- secretKey: AUTH_CLIENT_SECRET
|
||||
remoteRef:
|
||||
key: /cl01tl/authentik/oidc/grafana
|
||||
key: /authentik/oidc/grafana
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-operator-postgresql-18-cluster-backup-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
property: access
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
key: /digital-ocean/home-infra/postgres-backups
|
||||
property: secret
|
||||
|
||||
---
|
||||
apiVersion: external-secrets.io/v1
|
||||
kind: ExternalSecret
|
||||
metadata:
|
||||
name: grafana-operator-postgresql-18-cluster-backup-secret-garage
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret-garage
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
secretStoreRef:
|
||||
kind: ClusterSecretStore
|
||||
name: vault
|
||||
data:
|
||||
- secretKey: ACCESS_KEY_ID
|
||||
remoteRef:
|
||||
key: /garage/home-infra/postgres-backups
|
||||
property: ACCESS_KEY_ID
|
||||
- secretKey: ACCESS_SECRET_KEY
|
||||
remoteRef:
|
||||
key: /garage/home-infra/postgres-backups
|
||||
property: ACCESS_SECRET_KEY
|
||||
- secretKey: ACCESS_REGION
|
||||
remoteRef:
|
||||
key: /garage/home-infra/postgres-backups
|
||||
property: ACCESS_REGION
|
||||
|
||||
@@ -5,7 +5,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-ceph
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -23,7 +24,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-coredns
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -41,7 +43,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-etcd
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -59,7 +62,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-garage
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -77,7 +81,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-loki
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -95,7 +100,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-node-full
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -113,7 +119,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-node-short
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -131,7 +138,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-pods
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -149,7 +157,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-argocd
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -167,7 +176,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-blocky
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -185,7 +195,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-cert-manager
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -203,7 +214,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-cloudnative-pg
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -221,7 +233,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-descheduler
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -239,7 +252,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-external-dns
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -257,7 +271,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-external-secrets
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -275,7 +290,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-gatus
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -293,7 +309,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-operator
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -311,7 +328,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-harbor
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -329,7 +347,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-speedtest-exporter
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -347,7 +366,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-spegel
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -365,7 +385,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-traefik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -383,7 +404,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-tdarr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -401,7 +423,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-unpoller
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -419,7 +442,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-version-checker-internal
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -437,7 +461,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-version-checker
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -455,7 +480,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-volsync
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -473,7 +499,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-s3
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -491,7 +518,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-authentik
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -509,7 +537,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-gitea
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -527,7 +556,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-ntfy
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -545,7 +575,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-openbao
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -563,7 +594,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-qbittorrent
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -581,7 +613,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-vault
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -599,7 +632,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-unpackerr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -617,7 +651,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-airgradient
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -635,7 +670,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-server-power-consumption
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -653,7 +689,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-immich
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -671,7 +708,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-jellyfin
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -689,7 +727,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-navidrome
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -707,7 +746,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-radarr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -725,7 +765,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-servarr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
@@ -743,7 +784,8 @@ metadata:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
app.kubernetes.io/name: grafana-dashboard-sonarr
|
||||
{{- include "custom.labels" . | nindent 4 }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
app.kubernetes.io/part-of: {{ .Release.Name }}
|
||||
spec:
|
||||
instanceSelector:
|
||||
matchLabels:
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user