11 Commits

Author SHA1 Message Date
e74aa89f0a Merge pull request 'chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.139.6' (#6149) from renovate/unified-renovate into main
All checks were successful
renovate / renovate (push) Successful in 5m51s
2026-04-22 21:04:08 +00:00
03a686deac chore(deps): update ghcr.io/renovatebot/renovate docker tag to v43.139.6
Some checks are pending
renovate/stability-days Updates have not met minimum release age requirement
2026-04-22 21:03:38 +00:00
6c8b994987 feat: remove
Some checks failed
lint-test-docker / lint-docker-compose (push) Failing after 1m38s
renovate / renovate (push) Successful in 3m53s
2026-04-22 11:46:55 -05:00
71e8f91133 Merge pull request 'fix: wrong indent' (#6147) from tmp/ispon-2 into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 43s
lint-test-helm / validate-kubeconform (push) Has been skipped
renovate / renovate (push) Successful in 3m52s
Reviewed-on: #6147
2026-04-22 16:13:12 +00:00
e943fff1eb fix: wrong indent
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 46s
lint-test-helm / validate-kubeconform (pull_request) Successful in 40s
render-manifests / render-manifests (pull_request) Successful in 1m21s
2026-04-22 11:10:19 -05:00
117b15142a Merge pull request 'feat: Add ispon' (#6144) from tmp/ispon into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 1m0s
lint-test-helm / validate-kubeconform (push) Has been skipped
renovate / renovate (push) Successful in 3m47s
Reviewed-on: #6144
2026-04-22 15:46:20 +00:00
dbd2b1c0f9 feat: Add ispon
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 50s
lint-test-helm / validate-kubeconform (pull_request) Successful in 54s
render-manifests / render-manifests (pull_request) Successful in 1m32s
2026-04-22 10:43:19 -05:00
7ee6ce8477 Merge pull request 'chore(deps): update searxng/searxng:latest docker digest to 37c616a' (#6142) from renovate/unified-searxng into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 31s
lint-test-helm / validate-kubeconform (push) Has been skipped
renovate / renovate (push) Successful in 5m42s
render-manifests / render-manifests (push) Successful in 10m57s
2026-04-22 09:06:17 +00:00
9a789a25e1 chore(deps): update searxng/searxng:latest docker digest to 37c616a
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 32s
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
render-manifests / render-manifests (pull_request) Successful in 1m16s
2026-04-22 09:05:49 +00:00
29d1a75a35 Merge pull request 'chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to d17f32d' (#6140) from renovate/unified-lidarr into main
All checks were successful
lint-test-helm / lint-helm (push) Successful in 44s
lint-test-helm / validate-kubeconform (push) Has been skipped
renovate / renovate (push) Successful in 6m6s
2026-04-22 05:04:28 +00:00
653008769d chore(deps): update ghcr.io/linuxserver/lidarr:3.1.2-nightly docker digest to d17f32d
All checks were successful
lint-test-helm / lint-helm (pull_request) Successful in 47s
lint-test-helm / validate-kubeconform (pull_request) Has been skipped
render-manifests / render-manifests (pull_request) Successful in 1m47s
2026-04-22 05:04:05 +00:00
304 changed files with 1522 additions and 2553 deletions


@@ -13,7 +13,7 @@ on:
jobs: jobs:
renovate: renovate:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: ghcr.io/renovatebot/renovate:43.138.2@sha256:79765b2442117d5c87e17456aa79ae54b4e0e2a4d9212a10508e233706375556 container: ghcr.io/renovatebot/renovate:43.139.6@sha256:2ed9f867ea7a7d2448847ce704f78af09e9b881c63f843a1aa0f590691737c42
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,8 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ .Release.Name }}-tailscale app.kubernetes.io/name: {{ .Release.Name }}-tailscale
{{- include "custom.labels" . | nindent 4 }}
tailscale.com/proxy-class: no-metrics tailscale.com/proxy-class: no-metrics
{{- include "custom.labels" . | nindent 4 }}
annotations: annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
spec: spec:
@@ -25,4 +25,4 @@ spec:
service: service:
name: authentik-server name: authentik-server
port: port:
name: http number: 80
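Review bot: The `{{- include "custom.labels" . | nindent 4 }}` line survives on the new side of the first hunk (only moved below `tailscale.com/proxy-class`), while every other template on this page replaces that include with literal labels and the `custom.labels` definitions are deleted. If this chart's helper file is among the deleted ones, rendering fails on an undefined template; writing the labels out as the sibling templates do, `app.kubernetes.io/instance: {{ .Release.Name }}` and `app.kubernetes.io/part-of: {{ .Release.Name }}`, removes the dependency. The second hunk's switch from `name: http` to `number: 80` also assumes the `authentik-server` Service exposes port 80, which is not visible here. The manifest continues outside both hunks.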


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -20,6 +20,8 @@ spec:
type: PathPrefix type: PathPrefix
value: / value: /
backendRefs: backendRefs:
- kind: Service - group: ''
kind: Service
name: hubble-ui name: hubble-ui
port: 80 port: 80
weight: 100


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,15 +1,16 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: synology-iscsi-config name: synology-iscsi-config-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: synology-iscsi-config app.kubernetes.io/name: synology-iscsi-config-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: driver-config-file.yaml - secretKey: driver-config-file.yaml
remoteRef: remoteRef:
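Review bot: `secretStoreRef.name` moves from `openbao` to `vault` here with no comment recording which backend the `vault` ClusterSecretStore talks to, and the same switch recurs in the directus, external-dns, freshrss, garage and gatus ExternalSecret sections, several of which also change `remoteRef.key` (for example `/cl01tl/authentik/oidc/directus` becomes `/authentik/oidc/directus`). Nothing on the page shows that these paths exist in that store; a missing entry leaves the ExternalSecret unsynced and the workloads that reference the renamed Secret unable to start. A short comment above the reference, such as `# ClusterSecretStore "vault": remote paths below must exist in this backend`, would make the dependency explicit. The `data` list continues outside the hunk.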


@@ -1,10 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: {{ .Release.Namespace }} name: democratic-csi-synology-iscsi
labels: labels:
app.kubernetes.io/name: {{ .Release.Namespace }} app.kubernetes.io/name: democratic-csi-synology-iscsi
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged pod-security.kubernetes.io/warn: privileged
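Review bot: `metadata.name` is now the literal `democratic-csi-synology-iscsi` instead of `{{ .Release.Namespace }}`, while the ExternalSecret in the preceding section (apparently the same chart) still places its object in `{{ .Release.Namespace }}`. If the release is ever installed into a namespace with a different name, the `pod-security.kubernetes.io/enforce: privileged` label lands on a namespace the chart's workloads do not run in, and the namespace actually used keeps whatever Pod Security level it already had. Keeping `name: {{ .Release.Namespace }}` ties the exemption to the namespace in use. A comment such as `# privileged: CSI node plugin needs host access (confirm)` above the three labels would record why the exemption exists.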


@@ -3,7 +3,7 @@ democratic-csi:
image: image:
registry: ghcr.io/democratic-csi/democratic-csi registry: ghcr.io/democratic-csi/democratic-csi
tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f
existingConfigSecret: synology-iscsi-config existingConfigSecret: synology-iscsi-config-secret
config: config:
driver: synology-iscsi driver: synology-iscsi
resources: resources:
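Review bot: The `tag` value on the unchanged line reads `v1.9.5@@sha256:fc3b…` with a doubled `@`, whereas the other pinned images on this page use a single `@` between tag and digest (for example `v2.3.0@sha256:…` in the garage values). Unless the chart's image helper is known to strip one, the rendered reference is either invalid or not the digest pin it appears to be. The expected form is `tag: v1.9.5@sha256:…` with the same digest. The values block continues outside the hunk.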


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,7 +5,7 @@ description: Directus
keywords: keywords:
- directus - directus
- content-management-system - content-management-system
home: https://docs.alexlebens.dev/applications/directus/ home: https://docs.alexlebens.dev/applications/descheduler/
sources: sources:
- https://github.com/directus/directus - https://github.com/directus/directus
- https://github.com/directus/directus/pkgs/container/directus - https://github.com/directus/directus/pkgs/container/directus
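Review bot: The new `home` value points at `https://docs.alexlebens.dev/applications/descheduler/` in a chart whose description, keywords and sources are all Directus, so the link now leads to another application's page. The same mismatch appears in the Excalidraw and External DNS chart sections further down, where `home` becomes `https://docs.alexlebens.dev/applications/eraser/`. The previous value, `home: https://docs.alexlebens.dev/applications/directus/`, matches the chart.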


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,20 +5,13 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-config app.kubernetes.io/name: directus-config
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key
remoteRef:
key: /cl01tl/directus/key
property: key
- secretKey: secret
remoteRef:
key: /cl01tl/directus/key
property: secret
- secretKey: admin-email - secretKey: admin-email
remoteRef: remoteRef:
key: /cl01tl/directus/config key: /cl01tl/directus/config
@@ -27,6 +20,38 @@ spec:
remoteRef: remoteRef:
key: /cl01tl/directus/config key: /cl01tl/directus/config
property: admin-password property: admin-password
- secretKey: secret
remoteRef:
key: /cl01tl/directus/config
property: secret
- secretKey: key
remoteRef:
key: /cl01tl/directus/config
property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
key: /authentik/oidc/directus
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
key: /authentik/oidc/directus
property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
@@ -36,67 +61,18 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-metric-token app.kubernetes.io/name: directus-metric-token
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: metric-token - secretKey: metric-token
remoteRef: remoteRef:
key: /cl01tl/directus/metrics key: /cl01tl/directus/metrics
property: metric-token property: metric-token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: user
remoteRef:
key: /cl01tl/directus/valkey
property: user
- secretKey: password
remoteRef:
key: /cl01tl/directus/valkey
property: password
- secretKey: default
remoteRef:
key: /cl01tl/directus/valkey
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-oidc-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-oidc-authentik
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: OIDC_CLIENT_ID
remoteRef:
key: /cl01tl/authentik/oidc/directus
property: client
- secretKey: OIDC_CLIENT_SECRET
remoteRef:
key: /cl01tl/authentik/oidc/directus
property: secret
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -105,11 +81,12 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: directus-bucket-garage app.kubernetes.io/name: directus-bucket-garage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
@@ -123,3 +100,31 @@ spec:
remoteRef: remoteRef:
key: /garage/home-infra/directus-assets key: /garage/home-infra/directus-assets
property: ACCESS_REGION property: ACCESS_REGION
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: directus-valkey-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: directus-valkey-config
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: default
remoteRef:
key: /cl01tl/directus/valkey
property: password
- secretKey: user
remoteRef:
key: /cl01tl/directus/valkey
property: user
- secretKey: password
remoteRef:
key: /cl01tl/directus/valkey
property: password


@@ -113,12 +113,12 @@ directus:
- name: AUTH_AUTHENTIK_CLIENT_ID - name: AUTH_AUTHENTIK_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-oidc-authentik name: directus-oidc-secret
key: OIDC_CLIENT_ID key: OIDC_CLIENT_ID
- name: AUTH_AUTHENTIK_CLIENT_SECRET - name: AUTH_AUTHENTIK_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: directus-oidc-authentik name: directus-oidc-secret
key: OIDC_CLIENT_SECRET key: OIDC_CLIENT_SECRET
- name: AUTH_AUTHENTIK_SCOPE - name: AUTH_AUTHENTIK_SCOPE
value: openid profile email value: openid profile email


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,7 +5,7 @@ description: Excalidraw
keywords: keywords:
- excalidraw - excalidraw
- drawing - drawing
home: https://docs.alexlebens.dev/applications/excalidraw/ home: https://docs.alexlebens.dev/applications/eraser/
sources: sources:
- https://github.com/excalidraw/excalidraw - https://github.com/excalidraw/excalidraw
- https://hub.docker.com/r/excalidraw/excalidraw - https://hub.docker.com/r/excalidraw/excalidraw


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,7 +5,7 @@ description: External DNS
keywords: keywords:
- external-dns - external-dns
- dns - dns
home: https://docs.alexlebens.dev/applications/external-dns/ home: https://docs.alexlebens.dev/applications/eraser/
sources: sources:
- https://github.com/kubernetes-sigs/external-dns - https://github.com/kubernetes-sigs/external-dns
- https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns - https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: external-device-names app.kubernetes.io/name: external-device-names
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
endpoints: endpoints:
# Unifi UDM # Unifi UDM
@@ -47,7 +48,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: iot-device-names app.kubernetes.io/name: iot-device-names
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
endpoints: endpoints:
# Airgradient # Airgradient
@@ -80,18 +82,6 @@ spec:
recordType: A recordType: A
targets: targets:
- 10.230.0.100 - 10.230.0.100
# HD Homerun
- dnsName: dv01hr.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.72
# Pi KVM
- dnsName: dv02kv.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.232.1.71
--- ---
apiVersion: externaldns.k8s.io/v1alpha1 apiVersion: externaldns.k8s.io/v1alpha1
@@ -101,7 +91,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: server-host-names app.kubernetes.io/name: server-host-names
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
endpoints: endpoints:
# Unifi Gateway # Unifi Gateway
@@ -134,18 +125,6 @@ spec:
recordType: A recordType: A
targets: targets:
- 10.232.1.52 - 10.232.1.52
# Desktop
- dnsName: pd05wd.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.230.0.115
# Laptop
- dnsName: pl02mc.alexlebens.net
recordTTL: 180
recordType: A
targets:
- 10.230.0.105
--- ---
apiVersion: externaldns.k8s.io/v1alpha1 apiVersion: externaldns.k8s.io/v1alpha1
@@ -155,7 +134,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: cluster-service-names app.kubernetes.io/name: cluster-service-names
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
endpoints: endpoints:
# Treafik Proxy # Treafik Proxy


@@ -5,11 +5,12 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: external-dns-unifi-secret app.kubernetes.io/name: external-dns-unifi-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: api-key - secretKey: api-key
remoteRef: remoteRef:


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,12 +5,13 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: external-secrets app.kubernetes.io/name: external-secrets
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: system:auth-delegator name: system:auth-delegator
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: {{ .Release.Name }} name: external-secrets
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: vault app.kubernetes.io/name: vault
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
provider: provider:
vault: vault:
@@ -25,7 +26,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: openbao app.kubernetes.io/name: openbao
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
provider: provider:
vault: vault:
@@ -37,7 +39,7 @@ spec:
mountPath: kubernetes mountPath: kubernetes
role: external-secrets role: external-secrets
serviceAccountRef: serviceAccountRef:
name: {{ .Release.Name }} name: external-secrets
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Name }}
audiences: audiences:
- openbao - openbao
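Review bot: `serviceAccountRef.namespace` in the last hunk is now `{{ .Release.Name }}`, whereas the ClusterRoleBinding in the preceding section still places the same `external-secrets` ServiceAccount in `{{ .Release.Namespace }}`. The two only agree when the release name equals its namespace; otherwise the store requests a token for a ServiceAccount in a namespace where it does not exist, and authentication to the backend fails. `namespace: {{ .Release.Namespace }}` keeps the reference aligned with the binding. The hard-coded `name: external-secrets` in both sections likewise assumes the subchart's ServiceAccount carries that name, which is not visible here.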


@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
foldergram-pictures-collections-nfs-storage
{{- end -}}


@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: foldergram-pictures-collections-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.storageNfsName" . }} volumeName: foldergram-pictures-collections-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany


@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: foldergram-pictures-collections-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,52 +1,54 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: freshrss-install-config name: freshrss-install-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: freshrss-install-config app.kubernetes.io/name: freshrss-install-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: ADMIN_EMAIL - secretKey: ADMIN_EMAIL
remoteRef: remoteRef:
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
property: admin-email property: ADMIN_EMAIL
- secretKey: ADMIN_PASSWORD - secretKey: ADMIN_PASSWORD
remoteRef: remoteRef:
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
property: admin-password property: ADMIN_PASSWORD
- secretKey: ADMIN_API_PASSWORD - secretKey: ADMIN_API_PASSWORD
remoteRef: remoteRef:
key: /cl01tl/freshrss/config key: /cl01tl/freshrss/config
property: admin-api-password property: ADMIN_API_PASSWORD
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: freshrss-oidc-authentik name: freshrss-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: freshrss-oidc-authentik app.kubernetes.io/name: freshrss-oidc-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/freshrss key: /authentik/oidc/freshrss
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/freshrss key: /authentik/oidc/freshrss
property: secret property: secret
- secretKey: OIDC_CLIENT_CRYPTO_KEY - secretKey: OIDC_CLIENT_CRYPTO_KEY
remoteRef: remoteRef:
key: /cl01tl/freshrss/key key: /authentik/oidc/freshrss
property: oidc-client-crypto-key property: crypto-key


@@ -73,9 +73,9 @@ freshrss:
value: preferred_username value: preferred_username
envFrom: envFrom:
- secretRef: - secretRef:
name: freshrss-oidc-authentik name: freshrss-oidc-secret
- secretRef: - secretRef:
name: freshrss-install-config name: freshrss-install-secret
resources: resources:
requests: requests:
cpu: 1m cpu: 1m


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,25 +1,26 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: garage-token name: garage-token-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: garage-token app.kubernetes.io/name: garage-token-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: GARAGE_RPC_SECRET - secretKey: GARAGE_RPC_SECRET
remoteRef: remoteRef:
key: /cl01tl/garage/config key: /cl01tl/garage/token
property: rpc-secret property: rpc
- secretKey: GARAGE_ADMIN_TOKEN - secretKey: GARAGE_ADMIN_TOKEN
remoteRef: remoteRef:
key: /cl01tl/garage/config key: /cl01tl/garage/token
property: admin-token property: admin
- secretKey: GARAGE_METRICS_TOKEN - secretKey: GARAGE_METRICS_TOKEN
remoteRef: remoteRef:
key: /cl01tl/garage/config key: /cl01tl/garage/token
property: metrics-token property: metric


@@ -6,7 +6,8 @@ metadata:
labels: labels:
app.kubernetes.io/name: garage-main app.kubernetes.io/name: garage-main
app.kubernetes.io/service: garage-main app.kubernetes.io/service: garage-main
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
ports: ports:
- name: admin - name: admin
@@ -26,6 +27,6 @@ spec:
protocol: TCP protocol: TCP
targetPort: 3902 targetPort: 3902
selector: selector:
app.kubernetes.io/name: garage
app.kubernetes.io/instance: garage app.kubernetes.io/instance: garage
app.kubernetes.io/name: garage
garage-type: server garage-type: server


@@ -24,7 +24,7 @@ garage:
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -53,7 +53,7 @@ garage:
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -82,7 +82,7 @@ garage:
tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690
envFrom: envFrom:
- secretRef: - secretRef:
name: garage-token name: garage-token-secret
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -104,7 +104,7 @@ garage:
- name: API_ADMIN_KEY - name: API_ADMIN_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: garage-token name: garage-token-secret
key: GARAGE_ADMIN_TOKEN key: GARAGE_ADMIN_TOKEN
resources: resources:
requests: requests:
@@ -273,7 +273,7 @@ garage:
scrapeTimeout: 2m scrapeTimeout: 2m
path: /metrics path: /metrics
bearerTokenSecret: bearerTokenSecret:
name: garage-token name: garage-token-secret
key: GARAGE_METRICS_TOKEN key: GARAGE_METRICS_TOKEN
route: route:
webui: webui:


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,40 +1,42 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: gatus-config name: gatus-config-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gatus-config-secret app.kubernetes.io/name: gatus-config-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: NTFY_TOKEN - secretKey: NTFY_TOKEN
remoteRef: remoteRef:
key: /cl01tl/ntfy/users/cl01tl key: /ntfy/user/cl01tl
property: token property: token
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: gatus-oidc-authentik name: gatus-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gatus-oidc-authentik app.kubernetes.io/name: gatus-oidc-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/gatus key: /authentik/oidc/gatus
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/gatus key: /authentik/oidc/gatus
property: secret property: secret
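Review bot: The new `remoteRef.key` values drop the `/cl01tl/` prefix (`/ntfy/user/cl01tl`, `/authentik/oidc/gatus`), so the `vault` ClusterSecretStore now has to read top-level paths rather than one per-cluster subtree. The store's policy is not visible here; if it covers all of `/ntfy/` and `/authentik/`, then any namespace allowed to use that cluster-scoped store can request any credential under them, so confirm that the store restricts namespaces or that the policy lists exact paths. The same applies to `/authentik/oidc/gitea` and `/authentik/oidc/grafana` in the Gitea and Grafana ExternalSecret sections. A short comment above each `secretStoreRef`, for example `# read-only role, limited to <PATH_PREFIX>`, would record the intended scope.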


@@ -20,17 +20,17 @@ gatus:
NTFY_TOKEN: NTFY_TOKEN:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gatus-config name: gatus-config-secret
key: NTFY_TOKEN key: NTFY_TOKEN
OIDC_CLIENT_ID: OIDC_CLIENT_ID:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gatus-oidc-authentik name: gatus-oidc-secret
key: OIDC_CLIENT_ID key: OIDC_CLIENT_ID
OIDC_CLIENT_SECRET: OIDC_CLIENT_SECRET:
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gatus-oidc-authentik name: gatus-oidc-secret
key: OIDC_CLIENT_SECRET key: OIDC_CLIENT_SECRET
POSTGRES_USER: POSTGRES_USER:
valueFrom: valueFrom:


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,10 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: {{ .Release.Namespace }} name: generic-device-plugin
labels: labels:
app.kubernetes.io/name: {{ .Release.Namespace }} app.kubernetes.io/name: generic-device-plugin
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged pod-security.kubernetes.io/warn: privileged
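Review bot: `metadata.name` is now the literal `generic-device-plugin` instead of `{{ .Release.Namespace }}`, so a release installed into any other namespace would attach the pod-security labels to a Namespace the workloads may not run in. The other templates visible in this change still place their objects in `{{ .Release.Namespace }}`; whether this chart's workloads do the same is not shown here. Keeping `name: {{ .Release.Namespace }}` ties the labels to the namespace actually used; if the literal is intended, a comment such as `# must match the release namespace` makes the coupling explicit. The Gitea Namespace section makes the same change with `name: gitea`.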


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-custom-templates app.kubernetes.io/name: gitea-custom-templates
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
data: data:
header.tmpl: | header.tmpl: |
<script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script> <script defer src="https://rybbit.alexlebens.dev/api/script.js" data-site-id="b515c34a6dcc"></script>
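Review bot: `header.tmpl` loads `https://rybbit.alexlebens.dev/api/script.js` into Gitea pages with no integrity pin, so whatever that host serves runs in the session of the logged-in user on the Git forge. This line is unchanged context and the template continues outside the hunk, but the ConfigMap is being edited anyway. If the script is versioned, add `integrity="sha384-<HASH>" crossorigin="anonymous"` (placeholder hash); otherwise constrain it with a Content-Security-Policy and note in a comment why the origin is trusted.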


@@ -1,15 +1,64 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata:
name: gitea-admin-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-admin-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: username
remoteRef:
key: /cl01tl/gitea/auth/admin
property: username
- secretKey: password
remoteRef:
key: /cl01tl/gitea/auth/admin
property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-oidc-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-oidc-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: secret
remoteRef:
key: /authentik/oidc/gitea
property: secret
- secretKey: key
remoteRef:
key: /authentik/oidc/gitea
property: client
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata: metadata:
name: gitea-runner-secret name: gitea-runner-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-runner-secret app.kubernetes.io/name: gitea-runner-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
@@ -20,15 +69,80 @@ spec:
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: gitea-meilisearch-key name: gitea-renovate-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-meilisearch-key app.kubernetes.io/name: gitea-renovate-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data:
- secretKey: RENOVATE_ENDPOINT
remoteRef:
key: /cl01tl/gitea/renovate
property: RENOVATE_ENDPOINT
- secretKey: RENOVATE_GIT_AUTHOR
remoteRef:
key: /cl01tl/gitea/renovate
property: RENOVATE_GIT_AUTHOR
- secretKey: RENOVATE_TOKEN
remoteRef:
key: /cl01tl/gitea/renovate
property: RENOVATE_TOKEN
- secretKey: RENOVATE_GIT_PRIVATE_KEY
remoteRef:
key: /cl01tl/gitea/renovate
property: id_rsa
- secretKey: RENOVATE_GITHUB_COM_TOKEN
remoteRef:
key: /github/gitea-cl01tl
property: token
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-renovate-ssh-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-renovate-ssh-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: config
remoteRef:
key: /cl01tl/gitea/renovate
property: ssh_config
- secretKey: id_rsa
remoteRef:
key: /cl01tl/gitea/renovate
property: id_rsa
- secretKey: id_rsa.pub
remoteRef:
key: /cl01tl/gitea/renovate
property: id_rsa.pub
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-meilisearch-master-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-meilisearch-master-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
target: target:
template: template:
mergePolicy: Merge mergePolicy: Merge
@@ -39,27 +153,4 @@ spec:
- secretKey: MEILI_MASTER_KEY - secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
key: /cl01tl/gitea/meilisearch key: /cl01tl/gitea/meilisearch
property: master-key property: MEILI_MASTER_KEY
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: gitea-oidc-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: gitea-oidc-authentik
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: secret
remoteRef:
key: /cl01tl/authentik/oidc/gitea
property: secret
- secretKey: key
remoteRef:
key: /cl01tl/authentik/oidc/gitea
property: client
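Review bot: The `id_rsa` property of `/cl01tl/gitea/renovate` is now synced into two Secrets, as `RENOVATE_GIT_PRIVATE_KEY` in `gitea-renovate-secret` and as `id_rsa` in `gitea-renovate-ssh-secret`, which doubles the number of objects whose read access yields the private key. `gitea-renovate-secret` also mixes plain settings (`RENOVATE_ENDPOINT`, `RENOVATE_GIT_AUTHOR`) with tokens, so it is presumably consumed wholesale as environment. Consider keeping the key only in `gitea-renovate-ssh-secret` and mounting it where needed, or using distinct keys if both purposes are required. Separately, the last hunk changes the Meilisearch `property` from `master-key` to `MEILI_MASTER_KEY`, which only resolves if the stored secret was re-keyed; the `target.template` that consumes it lies outside the hunks.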


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
@@ -20,6 +21,8 @@ spec:
type: PathPrefix type: PathPrefix
value: / value: /
backendRefs: backendRefs:
- kind: Service - group: ''
kind: Service
name: gitea-http name: gitea-http
port: 3000 port: 3000
weight: 100


@@ -1,11 +1,12 @@
apiVersion: networking.k8s.io/v1 apiVersion: networking.k8s.io/v1
kind: Ingress kind: Ingress
metadata: metadata:
name: {{ .Release.Name }}-tailscale name: gitea-tailscale
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ .Release.Name }}-tailscale app.kubernetes.io/name: gitea-tailscale
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
tailscale.com/proxy-class: no-metrics tailscale.com/proxy-class: no-metrics
annotations: annotations:
tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true"
@@ -20,7 +21,7 @@ spec:
http: http:
paths: paths:
- path: / - path: /
pathType: Prefix pathType: ImplementationSpecific
backend: backend:
service: service:
name: gitea-http name: gitea-http
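Review bot: `pathType: ImplementationSpecific` leaves path matching to the ingress controller, whereas `Prefix` has semantics fixed by the Kubernetes API, so what is reachable through this Tailscale ingress now depends on controller behaviour. For a single `/` rule the result is probably the same. Unless the ingress class requires it, `pathType: Prefix` is the more predictable choice; if it is required, a comment saying so would help. The `spec` block starts outside this hunk.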


@@ -1,10 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: {{ .Release.Namespace }} name: gitea
labels: labels:
app.kubernetes.io/name: {{ .Release.Namespace }} app.kubernetes.io/name: gitea
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged pod-security.kubernetes.io/warn: privileged
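Review bot: All three pod-security labels are `privileged`, so the namespace neither blocks nor reports anything, including for workloads that presumably need no host-level access. These are unchanged context lines, but the Namespace manifest is being edited anyway. Setting `pod-security.kubernetes.io/warn: baseline` and `pod-security.kubernetes.io/audit: baseline` while leaving `enforce` as it is would show which pods actually rely on the exemption without breaking any of them. The generic-device-plugin Namespace section carries the same three labels, though a device plugin is more likely to need them.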


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-themes-storage app.kubernetes.io/name: gitea-themes-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeMode: Filesystem volumeMode: Filesystem
storageClassName: ceph-filesystem storageClassName: ceph-filesystem


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea app.kubernetes.io/name: gitea
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
selector: selector:
matchLabels: matchLabels:


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: gitea-ssh app.kubernetes.io/name: gitea-ssh
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
@@ -15,6 +16,8 @@ spec:
sectionName: ssh sectionName: ssh
rules: rules:
- backendRefs: - backendRefs:
- kind: Service - group: ''
kind: Service
name: gitea-ssh name: gitea-ssh
port: 22 port: 22
weight: 100


@@ -59,7 +59,7 @@ gitea:
oauth: oauth:
- name: Authentik - name: Authentik
provider: openidConnect provider: openidConnect
existingSecret: gitea-oidc-authentik existingSecret: gitea-oidc-secret
autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration
iconUrl: https://goauthentik.io/img/icon.png iconUrl: https://goauthentik.io/img/icon.png
scopes: "email profile" scopes: "email profile"
@@ -137,7 +137,7 @@ gitea:
- name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: gitea-meilisearch-key name: gitea-meilisearch-master-key-secret
key: ISSUE_INDEXER_CONN_STR key: ISSUE_INDEXER_CONN_STR
valkey-cluster: valkey-cluster:
enabled: false enabled: false
@@ -235,7 +235,7 @@ meilisearch:
MEILI_ENV: production MEILI_ENV: production
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: gitea-meilisearch-key existingMasterKeySecret: gitea-meilisearch-master-key-secret
persistence: persistence:
enabled: true enabled: true
storageClass: ceph-block storageClass: ceph-block


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,44 +1,98 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grafana-config name: grafana-auth-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-config app.kubernetes.io/name: grafana-auth-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: admin-user - secretKey: admin-user
remoteRef: remoteRef:
key: /cl01tl/grafana/config key: /cl01tl/grafana/auth
property: admin-user property: admin-user
- secretKey: admin-password - secretKey: admin-password
remoteRef: remoteRef:
key: /cl01tl/grafana/config key: /cl01tl/grafana/auth
property: admin-password property: admin-password
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grafana-oidc-authentik name: grafana-oauth-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-oidc-authentik app.kubernetes.io/name: grafana-oauth-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: AUTH_CLIENT_ID - secretKey: AUTH_CLIENT_ID
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/grafana key: /authentik/oidc/grafana
property: client property: client
- secretKey: AUTH_CLIENT_SECRET - secretKey: AUTH_CLIENT_SECRET
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/grafana key: /authentik/oidc/grafana
property: secret property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grafana-operator-postgresql-18-cluster-backup-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /digital-ocean/home-infra/postgres-backups
property: access
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /digital-ocean/home-infra/postgres-backups
property: secret
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grafana-operator-postgresql-18-cluster-backup-secret-garage
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret-garage
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: ACCESS_KEY_ID
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_KEY_ID
- secretKey: ACCESS_SECRET_KEY
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_SECRET_KEY
- secretKey: ACCESS_REGION
remoteRef:
key: /garage/home-infra/postgres-backups
property: ACCESS_REGION
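Review bot: The two added backup ExternalSecrets read `/digital-ocean/home-infra/postgres-backups` and `/garage/home-infra/postgres-backups`, paths whose names suggest one access key shared by every PostgreSQL cluster's backups rather than a key for Grafana's database alone. If so, the Grafana namespace ends up holding credentials that can read or overwrite other applications' backups; a per-application key restricted to its own bucket or prefix would contain that. The bucket policy is not visible here, so at minimum a comment above each `remoteRef` stating the key's scope would document the intent.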


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-ceph app.kubernetes.io/name: grafana-dashboard-ceph
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -23,7 +24,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-coredns app.kubernetes.io/name: grafana-dashboard-coredns
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -41,7 +43,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-etcd app.kubernetes.io/name: grafana-dashboard-etcd
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -59,7 +62,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-garage app.kubernetes.io/name: grafana-dashboard-garage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -77,7 +81,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-loki app.kubernetes.io/name: grafana-dashboard-loki
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -95,7 +100,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-node-full app.kubernetes.io/name: grafana-dashboard-node-full
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -113,7 +119,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-node-short app.kubernetes.io/name: grafana-dashboard-node-short
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -131,7 +138,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-pods app.kubernetes.io/name: grafana-dashboard-pods
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -149,7 +157,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-argocd app.kubernetes.io/name: grafana-dashboard-argocd
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -167,7 +176,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-blocky app.kubernetes.io/name: grafana-dashboard-blocky
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -185,7 +195,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-cert-manager app.kubernetes.io/name: grafana-dashboard-cert-manager
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -203,7 +214,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-cloudnative-pg app.kubernetes.io/name: grafana-dashboard-cloudnative-pg
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -221,7 +233,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-descheduler app.kubernetes.io/name: grafana-dashboard-descheduler
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -239,7 +252,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-external-dns app.kubernetes.io/name: grafana-dashboard-external-dns
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -257,7 +271,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-external-secrets app.kubernetes.io/name: grafana-dashboard-external-secrets
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -275,7 +290,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-gatus app.kubernetes.io/name: grafana-dashboard-gatus
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -293,7 +309,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-operator app.kubernetes.io/name: grafana-dashboard-operator
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -311,7 +328,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-harbor app.kubernetes.io/name: grafana-dashboard-harbor
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -329,7 +347,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-speedtest-exporter app.kubernetes.io/name: grafana-dashboard-speedtest-exporter
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -347,7 +366,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-spegel app.kubernetes.io/name: grafana-dashboard-spegel
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -365,7 +385,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-traefik app.kubernetes.io/name: grafana-dashboard-traefik
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -383,7 +404,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-tdarr app.kubernetes.io/name: grafana-dashboard-tdarr
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -401,7 +423,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-unpoller app.kubernetes.io/name: grafana-dashboard-unpoller
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -419,7 +442,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-version-checker-internal app.kubernetes.io/name: grafana-dashboard-version-checker-internal
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -437,7 +461,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-version-checker app.kubernetes.io/name: grafana-dashboard-version-checker
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -455,7 +480,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-volsync app.kubernetes.io/name: grafana-dashboard-volsync
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -473,7 +499,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-s3 app.kubernetes.io/name: grafana-dashboard-s3
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -491,7 +518,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-authentik app.kubernetes.io/name: grafana-dashboard-authentik
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -509,7 +537,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-gitea app.kubernetes.io/name: grafana-dashboard-gitea
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -527,7 +556,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-ntfy app.kubernetes.io/name: grafana-dashboard-ntfy
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -545,7 +575,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-openbao app.kubernetes.io/name: grafana-dashboard-openbao
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -563,7 +594,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-qbittorrent app.kubernetes.io/name: grafana-dashboard-qbittorrent
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -581,7 +613,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-vault app.kubernetes.io/name: grafana-dashboard-vault
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -599,7 +632,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-unpackerr app.kubernetes.io/name: grafana-dashboard-unpackerr
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -617,7 +651,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-airgradient app.kubernetes.io/name: grafana-dashboard-airgradient
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -635,7 +670,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-server-power-consumption app.kubernetes.io/name: grafana-dashboard-server-power-consumption
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -653,7 +689,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-immich app.kubernetes.io/name: grafana-dashboard-immich
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -671,7 +708,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-jellyfin app.kubernetes.io/name: grafana-dashboard-jellyfin
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -689,7 +727,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-navidrome app.kubernetes.io/name: grafana-dashboard-navidrome
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -707,7 +746,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-radarr app.kubernetes.io/name: grafana-dashboard-radarr
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -725,7 +765,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-servarr app.kubernetes.io/name: grafana-dashboard-servarr
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -743,7 +784,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-dashboard-sonarr app.kubernetes.io/name: grafana-dashboard-sonarr
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-datasource-prometheus app.kubernetes.io/name: grafana-datasource-prometheus
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
datasource: datasource:
name: Prometheus name: Prometheus
@@ -32,7 +33,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-datasource-loki app.kubernetes.io/name: grafana-datasource-loki
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
datasource: datasource:
name: Loki name: Loki


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-application app.kubernetes.io/name: grafana-folder-application
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -39,7 +40,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-iot app.kubernetes.io/name: grafana-folder-iot
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -73,7 +75,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-platform app.kubernetes.io/name: grafana-folder-platform
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -107,7 +110,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-service app.kubernetes.io/name: grafana-folder-service
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:
@@ -141,7 +145,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-folder-system app.kubernetes.io/name: grafana-folder-system
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
instanceSelector: instanceSelector:
matchLabels: matchLabels:


@@ -5,7 +5,8 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grafana-main app.kubernetes.io/name: grafana-main
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
app: grafana-main app: grafana-main
spec: spec:
config: config:
@@ -65,22 +66,22 @@ spec:
- name: AUTH_CLIENT_ID - name: AUTH_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grafana-oidc-authentik name: grafana-oauth-secret
key: AUTH_CLIENT_ID key: AUTH_CLIENT_ID
- name: AUTH_CLIENT_SECRET - name: AUTH_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grafana-oidc-authentik name: grafana-oauth-secret
key: AUTH_CLIENT_SECRET key: AUTH_CLIENT_SECRET
- name: ADMIN_USER - name: ADMIN_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grafana-config name: grafana-auth-secret
key: admin-user key: admin-user
- name: ADMIN_PASSWORD - name: ADMIN_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grafana-config name: grafana-auth-secret
key: admin-password key: admin-password
- name: DB_HOST - name: DB_HOST
valueFrom: valueFrom:


@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.booksNfsName" -}}
grimmory-books-nfs-storage
{{- end -}}
{{- define "custom.booksImportNfsName" -}}
grimmory-books-import-nfs-storage
{{- end -}}


@@ -1,21 +1,42 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: grimmory-database-config name: grimmory-database-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-database-config app.kubernetes.io/name: grimmory-database-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: /cl01tl/grimmory/database key: /cl01tl/grimmory/database
property: password property: password
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: grimmory-data-replication-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: grimmory-data-replication-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: psk.txt
remoteRef:
key: /cl01tl/grimmory/replication
property: psk.txt
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
@@ -24,11 +45,12 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
@@ -47,17 +69,18 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: access - secretKey: access
remoteRef: remoteRef:
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
property: ACCESS_KEY_ID property: access
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /garage/home-infra/mariadb-backups key: /garage/home-infra/mariadb-backups
property: ACCESS_SECRET_KEY property: secret
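Review bot: Every ExternalSecret in this file resolves through the cluster-wide `ClusterSecretStore` named `vault`, and the `grimmory-mariadb-cluster-backup-secret-garage` entry reads `/garage/home-infra/mariadb-backups`, a path outside the app's own `/cl01tl/grimmory/` prefix. Nothing on this page shows how the store or its backend role is scoped, so it is worth confirming that the store limits which namespaces may use it (`conditions`) or that the backend policy is per-path; otherwise any namespace that can create an ExternalSecret can presumably request the same backup credentials. The harbor, headlamp, home-assistant, homepage and immich ExternalSecrets further down follow the same pattern. A comment above the Garage entries, e.g. `# shared Garage backup credentials, not app-scoped`, would make the cross-app dependency visible.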


@@ -1,7 +1,13 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: {{ .Release.Namespace }} name: grimmory
annotations:
volsync.backube/privileged-movers: "true"
labels: labels:
app.kubernetes.io/name: {{ .Release.Namespace }} app.kubernetes.io/name: grimmory
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged
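Review bot: The added `pod-security.kubernetes.io/enforce: privileged` label relaxes Pod Security admission for every pod in the namespace, not only for the VolSync movers that the `volsync.backube/privileged-movers: "true"` annotation is presumably meant to enable. It is worth checking whether `enforce: baseline` is enough for the movers; if privileged is really required, say so in a comment such as `# privileged needed by volsync mover pods`. The name is also hard-coded to `grimmory` while the other templates on this page still use `{{ .Release.Namespace }}`, so a release installed into a differently named namespace would relax the wrong one.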


@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.booksNfsName" . }} name: grimmory-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.booksNfsName" . }} app.kubernetes.io/name: grimmory-books-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.booksNfsName" . }} volumeName: grimmory-books-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.booksImportNfsName" . }} name: grimmory-books-import-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.booksImportNfsName" . }} app.kubernetes.io/name: grimmory-books-import-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.booksImportNfsName" . }} volumeName: grimmory-books-import-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany


@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.booksNfsName" . }} name: grimmory-books-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.booksNfsName" . }} app.kubernetes.io/name: grimmory-books-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.booksImportNfsName" . }} name: grimmory-books-import-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.booksImportNfsName" . }} app.kubernetes.io/name: grimmory-books-import-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -38,7 +40,7 @@ spec:
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
nfs: nfs:
path: '/volume2/Storage/Books Import' path: /volume2/Storage/Books Import
server: synologybond.alexlebens.net server: synologybond.alexlebens.net
mountOptions: mountOptions:
- vers=4 - vers=4
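Review bot: Both `PersistentVolume` objects keep `namespace: {{ .Release.Namespace }}` under `metadata` although the kind is cluster-scoped, so the field has no effect and only suggests a scoping that does not exist; the `ClusterRoleBinding` and `ClusterRole` named `homepage` further down carry the same line. Dropping it, or adding `# cluster-scoped: name must be unique cluster-wide`, would be clearer now that the names are literals. In the last hunk I would keep the quoted form `path: '/volume2/Storage/Books Import'`, since a value containing a space reads more safely quoted. The `mountOptions` list continues below the hunk.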


@@ -27,7 +27,7 @@ grimmory:
- name: DATABASE_PASSWORD - name: DATABASE_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: grimmory-database-config name: grimmory-database-secret
key: password key: password
- name: GRIMMORY_PORT - name: GRIMMORY_PORT
value: 6060 value: 6060
@@ -98,7 +98,7 @@ mariadb-cluster:
mariadb: mariadb:
rootPasswordSecretKeyRef: rootPasswordSecretKeyRef:
generate: false generate: false
name: grimmory-database-config name: grimmory-database-secret
key: password key: password
storage: storage:
size: 5Gi size: 5Gi


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -5,11 +5,12 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: harbor-secret app.kubernetes.io/name: harbor-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: HARBOR_ADMIN_PASSWORD - secretKey: HARBOR_ADMIN_PASSWORD
remoteRef: remoteRef:
@@ -17,12 +18,12 @@ spec:
property: admin-password property: admin-password
- secretKey: secretKey - secretKey: secretKey
remoteRef: remoteRef:
key: /cl01tl/harbor/key key: /cl01tl/harbor/config
property: secret-key property: secretKey
- secretKey: CSRF_KEY - secretKey: CSRF_KEY
remoteRef: remoteRef:
key: /cl01tl/harbor/key key: /cl01tl/harbor/core
property: csrf-key property: CSRF_KEY
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
key: /cl01tl/harbor/core key: /cl01tl/harbor/core
@@ -38,20 +39,24 @@ spec:
- secretKey: JOBSERVICE_SECRET - secretKey: JOBSERVICE_SECRET
remoteRef: remoteRef:
key: /cl01tl/harbor/jobservice key: /cl01tl/harbor/jobservice
property: secret property: JOBSERVICE_SECRET
- secretKey: REGISTRY_HTTP_SECRET - secretKey: REGISTRY_HTTP_SECRET
remoteRef: remoteRef:
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
property: http-secret property: REGISTRY_HTTP_SECRET
- secretKey: REGISTRY_REDIS_PASSWORD
remoteRef:
key: /cl01tl/harbor/registry
property: REGISTRY_REDIS_PASSWORD
- secretKey: REGISTRY_HTPASSWD - secretKey: REGISTRY_HTPASSWD
remoteRef: remoteRef:
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
property: ht-passwd property: REGISTRY_HTPASSWD
- secretKey: REGISTRY_CREDENTIAL_PASSWORD - secretKey: REGISTRY_CREDENTIAL_PASSWORD
remoteRef: remoteRef:
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
property: credential-password property: REGISTRY_CREDENTIAL_PASSWORD
- secretKey: REGISTRY_PASSWD - secretKey: REGISTRY_PASSWD
remoteRef: remoteRef:
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
property: credential-password property: REGISTRY_CREDENTIAL_PASSWORD


@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
ServiceAccount name
*/}}
{{- define "custom.serviceAccountName" -}}
headlamp-admin
{{- end -}}


@@ -5,15 +5,16 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: cluster-admin-oidc app.kubernetes.io/name: cluster-admin-oidc
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: cluster-admin name: cluster-admin
apiGroup: rbac.authorization.k8s.io
subjects: subjects:
- apiGroup: rbac.authorization.k8s.io - kind: User
kind: User
name: https://authentik.alexlebens.net/application/o/headlamp/#alexanderlebens@gmail.com name: https://authentik.alexlebens.net/application/o/headlamp/#alexanderlebens@gmail.com
apiGroup: rbac.authorization.k8s.io
- kind: ServiceAccount - kind: ServiceAccount
name: {{ include "custom.serviceAccountName" . }} name: headlamp-admin
namespace: {{ .Release.Namespace }} namespace: headlamp
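Review bot: The ServiceAccount subject of this `cluster-admin` binding now names the fixed namespace `headlamp`, while the ServiceAccount manifest further down the page still creates `headlamp-admin` in `{{ .Release.Namespace }}`. If the release is installed under any other namespace, the binding grants cluster-admin to an account this chart does not create, and whoever can create a ServiceAccount of that name in `headlamp` inherits the role. Keep `namespace: {{ .Release.Namespace }}` on the subject so the two stay tied together. A comment such as `# full cluster-admin for the Headlamp UI account and one OIDC user` would also make the blast radius explicit. The `apiVersion`/`kind` lines sit above the hunk.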


@@ -1,37 +1,38 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: headlamp-oidc-authentik name: headlamp-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: headlamp-oidc-authentik app.kubernetes.io/name: headlamp-oidc-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/headlamp key: /authentik/oidc/headlamp
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/headlamp key: /authentik/oidc/headlamp
property: secret property: secret
- secretKey: OIDC_ISSUER_URL - secretKey: OIDC_ISSUER_URL
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/headlamp key: /authentik/oidc/headlamp
property: issuer property: issuer
- secretKey: OIDC_SCOPES - secretKey: OIDC_SCOPES
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/headlamp key: /authentik/oidc/headlamp
property: scopes property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/headlamp key: /authentik/oidc/headlamp
property: issuer property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/headlamp key: /authentik/oidc/headlamp
property: client property: validator-client-id


@@ -1,8 +1,9 @@
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: {{ include "custom.serviceAccountName" . }} name: headlamp-admin
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }} app.kubernetes.io/name: headlamp-admin
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}


@@ -10,7 +10,7 @@ headlamp:
create: false create: false
externalSecret: externalSecret:
enabled: true enabled: true
name: headlamp-oidc-authentik name: headlamp-oidc-secret
watchPlugins: true watchPlugins: true
httpRoute: httpRoute:
enabled: true enabled: true
@@ -27,9 +27,11 @@ headlamp:
type: PathPrefix type: PathPrefix
value: / value: /
backendRefs: backendRefs:
- kind: Service - group: ''
kind: Service
name: headlamp name: headlamp
port: 80 port: 80
weight: 100
resources: resources:
requests: requests:
cpu: 1m cpu: 1m


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,40 +1,42 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: home-assistant-code-server-password name: home-assistant-code-server-password-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: home-assistant-code-server-password app.kubernetes.io/name: home-assistant-code-server-password-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: PASSWORD - secretKey: PASSWORD
remoteRef: remoteRef:
key: /cl01tl/home-assistant/code-server key: /cl01tl/home-assistant/code-server/auth
property: password property: PASSWORD
- secretKey: SUDO_PASSWORD - secretKey: SUDO_PASSWORD
remoteRef: remoteRef:
key: /cl01tl/home-assistant/code-server key: /cl01tl/home-assistant/code-server/auth
property: sudo-password property: SUDO_PASSWORD
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: home-assistant-metric-token name: home-assistant-token-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: home-assistant-metric-token app.kubernetes.io/name: home-assistant-token-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: bearer-token - secretKey: bearer-token
remoteRef: remoteRef:
key: /cl01tl/home-assistant/config key: /cl01tl/home-assistant/auth
property: bearer-token property: bearer-token


@@ -35,7 +35,7 @@ home-assistant:
value: /config value: /config
envFrom: envFrom:
- secretRef: - secretRef:
name: home-assistant-code-server-password name: home-assistant-code-server-password-secret
service: service:
main: main:
controller: main controller: main
@@ -63,7 +63,7 @@ home-assistant:
scrapeTimeout: 1m scrapeTimeout: 1m
path: /api/prometheus path: /api/prometheus
bearerTokenSecret: bearerTokenSecret:
name: home-assistant-metric-token name: home-assistant-token-secret
key: bearer-token key: bearer-token
route: route:
main: main:


@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
CluserRole Name
*/}}
{{- define "custom.clusterRoleName" -}}
homepage
{{- end -}}


@@ -1,15 +1,16 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
metadata: metadata:
name: {{ include "custom.clusterRoleName" . }} name: homepage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.clusterRoleName" . }} app.kubernetes.io/name: homepage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
roleRef: roleRef:
apiGroup: rbac.authorization.k8s.io apiGroup: rbac.authorization.k8s.io
kind: ClusterRole kind: ClusterRole
name: {{ include "custom.clusterRoleName" . }} name: homepage
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: homepage name: homepage


@@ -1,11 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
name: {{ include "custom.clusterRoleName" . }} name: homepage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.clusterRoleName" . }} app.kubernetes.io/name: homepage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
rules: rules:
- apiGroups: - apiGroups:
- "" - ""


@@ -1,19 +1,20 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: homepage-secrets name: homepage-keys-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: homepage-secrets app.kubernetes.io/name: homepage-keys-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: HOMEPAGE_VAR_GITEA_API_TOKEN - secretKey: HOMEPAGE_VAR_GITEA_API_TOKEN
remoteRef: remoteRef:
key: /cl01tl/gitea/users/bot key: /cl01tl/gitea/auth/homepage
property: token property: token
- secretKey: HOMEPAGE_VAR_ARGOCD_API_TOKEN - secretKey: HOMEPAGE_VAR_ARGOCD_API_TOKEN
remoteRef: remoteRef:
@@ -33,47 +34,47 @@ spec:
property: key property: key
- secretKey: HOMEPAGE_VAR_SYNOLOGY_USER - secretKey: HOMEPAGE_VAR_SYNOLOGY_USER
remoteRef: remoteRef:
key: /synology/users/remote_stats key: /synology/auth/cl01tl
property: user property: user
- secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD - secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD
remoteRef: remoteRef:
key: /synology/users/remote_stats key: /synology/auth/cl01tl
property: password property: password
- secretKey: HOMEPAGE_VAR_UNIFI_API_KEY - secretKey: HOMEPAGE_VAR_UNIFI_API_KEY
remoteRef: remoteRef:
key: /unifi/users/cl01tl key: /unifi/auth/cl01tl
property: api-key property: api-key
- secretKey: HOMEPAGE_VAR_SONARR_KEY - secretKey: HOMEPAGE_VAR_SONARR_KEY
remoteRef: remoteRef:
key: /cl01tl/sonarr/key key: /cl01tl/sonarr4/key
property: key property: key
- secretKey: HOMEPAGE_VAR_SONARR4K_KEY - secretKey: HOMEPAGE_VAR_SONARR4K_KEY
remoteRef: remoteRef:
key: /cl01tl/sonarr-4k/key key: /cl01tl/sonarr4-4k/key
property: key property: key
- secretKey: HOMEPAGE_VAR_SONARRANIME_KEY - secretKey: HOMEPAGE_VAR_SONARRANIME_KEY
remoteRef: remoteRef:
key: /cl01tl/sonarr-anime/key key: /cl01tl/sonarr4-anime/key
property: key property: key
- secretKey: HOMEPAGE_VAR_RADARR_KEY - secretKey: HOMEPAGE_VAR_RADARR_KEY
remoteRef: remoteRef:
key: /cl01tl/radarr/key key: /cl01tl/radarr5/key
property: key property: key
- secretKey: HOMEPAGE_VAR_RADARR4K_KEY - secretKey: HOMEPAGE_VAR_RADARR4K_KEY
remoteRef: remoteRef:
key: /cl01tl/radarr-4k/key key: /cl01tl/radarr5-4k/key
property: key property: key
- secretKey: HOMEPAGE_VAR_RADARRANIME_KEY - secretKey: HOMEPAGE_VAR_RADARRANIME_KEY
remoteRef: remoteRef:
key: /cl01tl/radarr-anime/key key: /cl01tl/radarr5-anime/key
property: key property: key
- secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY - secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY
remoteRef: remoteRef:
key: /cl01tl/radarr-standup/key key: /cl01tl/radarr5-standup/key
property: key property: key
- secretKey: HOMEPAGE_VAR_LIDARR_KEY - secretKey: HOMEPAGE_VAR_LIDARR_KEY
remoteRef: remoteRef:
key: /cl01tl/lidarr/key key: /cl01tl/lidarr2/key
property: key property: key
- secretKey: HOMEPAGE_VAR_PROWLARR_KEY - secretKey: HOMEPAGE_VAR_PROWLARR_KEY
remoteRef: remoteRef:


@@ -22,7 +22,7 @@ homepage:
value: home.alexlebens.net value: home.alexlebens.net
envFrom: envFrom:
- secretRef: - secretRef:
name: homepage-secrets name: homepage-keys-secret
resources: resources:
requests: requests:
cpu: 1m cpu: 1m


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -0,0 +1,18 @@
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: immich-config-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-config-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: immich.json
remoteRef:
key: /cl01tl/immich/config
property: immich.json
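Review bot: This ExternalSecret materialises `immich.json` as an ordinary Kubernetes Secret (named after the ExternalSecret, since no `target` is set), whereas the SecretProviderClass it apparently replaces on this page delivered the file only through a CSI volume. The file then becomes readable by anything with `get`/`list` on secrets in the namespace, and its protection at rest depends on the cluster's etcd encryption. A header comment like `# synced into a Secret; relies on namespace RBAC and etcd encryption` would record that trade-off. No `refreshInterval` is set, so rotation follows the operator default; set it explicitly if the config carries credentials that rotate.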


@@ -1,18 +0,0 @@
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
name: immich-config
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: immich-config
{{- include "custom.labels" . | nindent 4 }}
spec:
provider: openbao
parameters:
baoAddress: "http://openbao-internal.openbao:8200"
roleName: immich
objects: |
- objectName: immich.json
fileName: immich.json
secretPath: secret/data/cl01tl/immich/config
secretKey: immich.json


@@ -4,8 +4,6 @@ immich:
type: deployment type: deployment
replicas: 1 replicas: 1
strategy: Recreate strategy: Recreate
serviceAccount:
name: immich
containers: containers:
main: main:
image: image:
@@ -88,10 +86,6 @@ immich:
gpu.intel.com/i915: 1 gpu.intel.com/i915: 1
cpu: 10m cpu: 10m
memory: 500Mi memory: 500Mi
serviceAccount:
immich:
enabled: true
staticToken: true
service: service:
main: main:
controller: main controller: main
@@ -141,13 +135,9 @@ immich:
value: / value: /
persistence: persistence:
config: config:
type: custom enabled: true
volumeSpec: type: secret
csi: name: immich-config-secret
driver: secrets-store.csi.k8s.io
readOnly: true
volumeAttributes:
secretProviderClass: immich-config
advancedMounts: advancedMounts:
main: main:
main: main:
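Review bot: With both `serviceAccount` blocks removed in the first two hunks, the pod falls back to the namespace's `default` service account, and that account's token is still mounted into the container unless automounting is switched off. The removed account presumably existed only to authenticate to the secret provider (`roleName: immich` in the deleted SecretProviderClass); if Immich needs no Kubernetes API access, add `automountServiceAccountToken: false` at pod level so the workload carries no API credential. The `persistence.config` block continues past the hunk at `advancedMounts`, so the mount itself is not visible here; if it uses a `subPath`, the mounted file will not follow a refreshed Secret until the pod restarts.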


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,10 +1,11 @@
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
name: {{ .Release.Namespace }} name: intel-device-plugin
labels: labels:
app.kubernetes.io/name: {{ .Release.Namespace }} app.kubernetes.io/name: intel-device-plugin
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/audit: privileged
pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/enforce: privileged
pod-security.kubernetes.io/warn: privileged pod-security.kubernetes.io/warn: privileged
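Review bot: Hard-coding `name: intel-device-plugin` decouples the Namespace that carries the `privileged` Pod Security labels from the namespace the release is actually installed into. If the chart is installed under any other namespace, templates that still use `.Release.Namespace` would land in a namespace without these labels, while a separate namespace with `enforce: privileged` is created alongside. I would keep `name: {{ .Release.Namespace }}`, or at least add a comment above `metadata:` such as `# must equal the release namespace; the privileged PSA labels apply only here`.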


@@ -1,24 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
jellyfin-nfs-storage
{{- end -}}
{{- define "custom.storageYoutubeNfsName" -}}
jellyfin-youtube-nfs-storage
{{- end -}}


@@ -1,36 +1,38 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: jellyfin-metric-token name: jellyfin-exporter-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: jellyfin-metric-token app.kubernetes.io/name: jellyfin-exporter-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: token - secretKey: token
remoteRef: remoteRef:
key: /cl01tl/jellyfin/metrics key: /cl01tl/jellyfin/exporter
property: token property: token
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: jellyfin-meilisearch-key name: jellyfin-meilisearch-master-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: jellyfin-meilisearch-key app.kubernetes.io/name: jellyfin-meilisearch-master-key-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: MEILI_MASTER_KEY - secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
key: /cl01tl/jellyfin/meilisearch key: /cl01tl/jellyfin/meilisearch
property: master-key property: MEILI_MASTER_KEY


@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: jellyfin-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: jellyfin-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.storageNfsName" . }} volumeName: jellyfin-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
@@ -19,13 +20,14 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.storageYoutubeNfsName" . }} name: jellyfin-youtube-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageYoutubeNfsName" . }} app.kubernetes.io/name: jellyfin-youtube-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.storageYoutubeNfsName" . }} volumeName: jellyfin-youtube-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadOnlyMany - ReadOnlyMany


@@ -1,11 +1,12 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: jellyfin-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: jellyfin-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client
@@ -25,11 +26,12 @@ spec:
apiVersion: v1 apiVersion: v1
kind: PersistentVolume kind: PersistentVolume
metadata: metadata:
name: {{ include "custom.storageYoutubeNfsName" . }} name: jellyfin-youtube-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageYoutubeNfsName" . }} app.kubernetes.io/name: jellyfin-youtube-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
persistentVolumeReclaimPolicy: Retain persistentVolumeReclaimPolicy: Retain
storageClassName: nfs-client storageClassName: nfs-client


@@ -48,7 +48,7 @@ jellyfin:
- name: TOKEN - name: TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: jellyfin-metric-token name: jellyfin-exporter-secret
key: token key: token
service: service:
main: main:
@@ -133,7 +133,7 @@ meilisearch:
MEILI_ENV: production MEILI_ENV: production
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: jellyfin-meilisearch-key existingMasterKeySecret: jellyfin-meilisearch-master-key-secret
persistence: persistence:
enabled: true enabled: true
storageClass: ceph-block storageClass: ceph-block


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,25 +1,26 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: jellystat-config name: jellystat-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: jellystat-config app.kubernetes.io/name: jellystat-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: secret-key - secretKey: secret-key
remoteRef: remoteRef:
key: /cl01tl/jellystat/key key: /cl01tl/jellystat/auth
property: secret-key property: secret-key
- secretKey: user - secretKey: user
remoteRef: remoteRef:
key: /cl01tl/jellystat/config key: /cl01tl/jellystat/auth
property: user property: user
- secretKey: password - secretKey: password
remoteRef: remoteRef:
key: /cl01tl/jellystat/cconfig key: /cl01tl/jellystat/auth
property: password property: password


@@ -15,17 +15,17 @@ jellystat:
- name: JWT_SECRET - name: JWT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: jellystat-config name: jellystat-secret
key: secret-key key: secret-key
- name: JS_USER - name: JS_USER
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: jellystat-config name: jellystat-secret
key: user key: user
- name: JS_PASSWORD - name: JS_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: jellystat-config name: jellystat-secret
key: password key: password
- name: POSTGRES_USER - name: POSTGRES_USER
valueFrom: valueFrom:


@@ -1,14 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}


@@ -1,80 +1,48 @@
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: karakeep-key name: karakeep-key-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: karakeep-key app.kubernetes.io/name: karakeep-key-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: key - secretKey: key
remoteRef: remoteRef:
key: /cl01tl/karakeep/key key: /cl01tl/karakeep/key
property: key property: key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-metric-token
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-key-secret
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data:
- secretKey: prometheus-token - secretKey: prometheus-token
remoteRef: remoteRef:
key: /cl01tl/karakeep/metrics key: /cl01tl/karakeep/key
property: token property: prometheus-token
--- ---
apiVersion: external-secrets.io/v1 apiVersion: external-secrets.io/v1
kind: ExternalSecret kind: ExternalSecret
metadata: metadata:
name: karakeep-meilisearch-key name: karakeep-oidc-secret
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: karakeep-meilisearch-key app.kubernetes.io/name: karakeep-oidc-secret
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data:
- secretKey: MEILI_MASTER_KEY
remoteRef:
key: /cl01tl/karakeep/meilisearch
property: master-key
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-oidc-authentik
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-oidc-authentik
{{- include "custom.labels" . | nindent 4 }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: openbao
data: data:
- secretKey: AUTHENTIK_CLIENT_ID - secretKey: AUTHENTIK_CLIENT_ID
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/karakeep key: /authentik/oidc/karakeep
property: client property: client
- secretKey: AUTHENTIK_CLIENT_SECRET - secretKey: AUTHENTIK_CLIENT_SECRET
remoteRef: remoteRef:
key: /cl01tl/authentik/oidc/karakeep key: /authentik/oidc/karakeep
property: secret property: secret
--- ---
@@ -85,11 +53,12 @@ metadata:
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: karakeep-bucket-garage app.kubernetes.io/name: karakeep-bucket-garage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
secretStoreRef: secretStoreRef:
kind: ClusterSecretStore kind: ClusterSecretStore
name: openbao name: vault
data: data:
- secretKey: ACCESS_KEY_ID - secretKey: ACCESS_KEY_ID
remoteRef: remoteRef:
@@ -103,11 +72,23 @@ spec:
remoteRef: remoteRef:
key: /garage/home-infra/karakeep-assets key: /garage/home-infra/karakeep-assets
property: ACCESS_REGION property: ACCESS_REGION
- secretKey: BUCKET
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: karakeep-meilisearch-master-key-secret
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: karakeep-meilisearch-master-key-secret
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec:
secretStoreRef:
kind: ClusterSecretStore
name: vault
data:
- secretKey: MEILI_MASTER_KEY
remoteRef: remoteRef:
key: /garage/home-infra/karakeep-assets key: /cl01tl/karakeep/meilisearch
property: BUCKET property: MEILI_MASTER_KEY
- secretKey: ENDPOINT
remoteRef:
key: /garage/config
property: ENDPOINT_LOCAL
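Review bot: Folding `prometheus-token` into `karakeep-key-secret` puts the metrics scrape token in the same Secret as the `key` entry that the values file feeds to `NEXTAUTH_SECRET`. The monitoring `authorization.credentials` block in the values file now points at this Secret, so whatever is granted read access to it for scraping can also read the session-signing key. I would keep a separate ExternalSecret for the token (for example `name: karakeep-metric-token-secret` with its own `remoteRef`), so access can be granted per secret. Also confirm that the policy behind the `vault` store covers `/authentik/oidc/karakeep`, which the `karakeep-oidc-secret` document now reads from outside the `/cl01tl/` prefix.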


@@ -19,28 +19,22 @@ karakeep:
- name: NEXTAUTH_SECRET - name: NEXTAUTH_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-key name: karakeep-key-secret
key: key key: key
- name: PROMETHEUS_AUTH_TOKEN - name: PROMETHEUS_AUTH_TOKEN
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-metric-token name: karakeep-key-secret
key: prometheus-token key: prometheus-token
- name: ASSET_STORE_S3_ENDPOINT - name: ASSET_STORE_S3_ENDPOINT
valueFrom: value: http://garage-main.garage:3900
secretKeyRef:
name: karakeep-bucket-garage
key: ENDPOINT
- name: ASSET_STORE_S3_REGION - name: ASSET_STORE_S3_REGION
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-bucket-garage name: karakeep-bucket-garage
key: ACCESS_REGION key: ACCESS_REGION
- name: ASSET_STORE_S3_BUCKET - name: ASSET_STORE_S3_BUCKET
valueFrom: value: karakeep-assets
secretKeyRef:
name: karakeep-bucket-garage
key: BUCKET
- name: ASSET_STORE_S3_ACCESS_KEY_ID - name: ASSET_STORE_S3_ACCESS_KEY_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
@@ -58,7 +52,7 @@ karakeep:
- name: MEILI_MASTER_KEY - name: MEILI_MASTER_KEY
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-meilisearch-key name: karakeep-meilisearch-master-key-secret
key: MEILI_MASTER_KEY key: MEILI_MASTER_KEY
- name: BROWSER_WEB_URL - name: BROWSER_WEB_URL
value: http://karakeep.karakeep:9222 value: http://karakeep.karakeep:9222
@@ -73,12 +67,12 @@ karakeep:
- name: OAUTH_CLIENT_ID - name: OAUTH_CLIENT_ID
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-oidc-authentik name: karakeep-oidc-secret
key: AUTHENTIK_CLIENT_ID key: AUTHENTIK_CLIENT_ID
- name: OAUTH_CLIENT_SECRET - name: OAUTH_CLIENT_SECRET
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
name: karakeep-oidc-authentik name: karakeep-oidc-secret
key: AUTHENTIK_CLIENT_SECRET key: AUTHENTIK_CLIENT_SECRET
- name: OLLAMA_BASE_URL - name: OLLAMA_BASE_URL
value: http://ollama-server-3.ollama:11434 value: http://ollama-server-3.ollama:11434
@@ -132,7 +126,7 @@ karakeep:
authorization: authorization:
credentials: credentials:
key: prometheus-token key: prometheus-token
name: karakeep-metric-token name: karakeep-key-secret
persistence: persistence:
data: data:
forceRename: karakeep forceRename: karakeep
@@ -150,7 +144,7 @@ meilisearch:
MEILI_ENV: production MEILI_ENV: production
MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true
auth: auth:
existingMasterKeySecret: karakeep-meilisearch-key existingMasterKeySecret: karakeep-meilisearch-master-key-secret
persistence: persistence:
enabled: true enabled: true
storageClass: ceph-block storageClass: ceph-block
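Review bot: `ASSET_STORE_S3_ENDPOINT` is now the literal `http://garage-main.garage:3900` in the first hunk, so asset uploads and downloads travel to the object store in clear text, and the endpoint can only be changed by editing the chart values. If the Garage service exposes a TLS listener inside the cluster, point this at the `https://` address. Otherwise add a comment on that line, `# plain HTTP, in-cluster only; restrict with a NetworkPolicy`, so the exposure is a recorded decision rather than an accident of the refactor. The `env` list starts and ends outside the hunk.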


@@ -1,21 +0,0 @@
{{/*
Common labels
*/}}
{{- define "custom.labels" -}}
{{ include "custom.selectorLabels" $ }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "custom.selectorLabels" -}}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
{{- end }}
{{/*
NFS names
*/}}
{{- define "custom.storageNfsName" -}}
kiwix-nfs-storage
{{- end -}}


@@ -1,13 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
name: {{ include "custom.storageNfsName" . }} name: kiwix-nfs-storage
namespace: {{ .Release.Namespace }} namespace: {{ .Release.Namespace }}
labels: labels:
app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} app.kubernetes.io/name: kiwix-nfs-storage
{{- include "custom.labels" . | nindent 4 }} app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/part-of: {{ .Release.Name }}
spec: spec:
volumeName: {{ include "custom.storageNfsName" . }} volumeName: kiwix-nfs-storage
storageClassName: nfs-client storageClassName: nfs-client
accessModes: accessModes:
- ReadWriteMany - ReadWriteMany
