From d66f9b8f0d924ece483d19d4f2fd18e33ecbbe07 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 16:30:39 -0500 Subject: [PATCH 1/7] feat: refactor actual --- clusters/cl01tl/helm/actual/Chart.yaml | 3 ++- clusters/cl01tl/helm/actual/values.yaml | 17 +++++------------ 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/clusters/cl01tl/helm/actual/Chart.yaml b/clusters/cl01tl/helm/actual/Chart.yaml index c6273b455..fc8d2fe58 100644 --- a/clusters/cl01tl/helm/actual/Chart.yaml +++ b/clusters/cl01tl/helm/actual/Chart.yaml @@ -5,11 +5,12 @@ description: Actual keywords: - actual - budget -home: https://wiki.alexlebens.dev/s/86192f45-94b7-45de-872c-6ef3fec7df5e +home: https://docs.alexlebens.dev/applications/actual/ sources: - https://github.com/actualbudget/actual - https://github.com/actualbudget/actual/pkgs/container/actual - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: diff --git a/clusters/cl01tl/helm/actual/values.yaml b/clusters/cl01tl/helm/actual/values.yaml index 6cd281605..90f1b1b14 100644 --- a/clusters/cl01tl/helm/actual/values.yaml +++ b/clusters/cl01tl/helm/actual/values.yaml @@ -4,20 +4,18 @@ actual: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/actualbudget/actual tag: 26.3.0 - pullPolicy: IfNotPresent env: - - name: TZ - value: US/Central + - name: ACTUAL_PORT + value: 5006 resources: requests: - cpu: 10m - memory: 128Mi + cpu: 25m + memory: 64Mi probes: liveness: enabled: true @@ -54,11 +52,7 @@ actual: - actual.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: actual - port: 80 - weight: 100 + - port: 80 matches: - path: type: PathPrefix 
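Review bot: The `ACTUAL_PORT` entry added to the `env` list in the `@@ -4,20 +4,18 @@` values.yaml hunk gives its value as a bare YAML integer (`value: 5006`), while a Kubernetes container env `value` has to be a string. Whether the app-template library stringifies it before rendering is not visible from this patch, so the quoted form is the safe one: `value: "5006"`. The container definition continues outside the hunk.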
@@ -69,7 +63,6 @@ actual: storageClass: ceph-block accessMode: ReadWriteOnce size: 2Gi - retain: true advancedMounts: main: main: -- 2.49.1 From 685b1f09cdc32f57ef538c8fef535c3ffd390644 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 16:44:21 -0500 Subject: [PATCH 2/7] feat: add service name --- clusters/cl01tl/helm/actual/values.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/actual/values.yaml b/clusters/cl01tl/helm/actual/values.yaml index 90f1b1b14..cd114add5 100644 --- a/clusters/cl01tl/helm/actual/values.yaml +++ b/clusters/cl01tl/helm/actual/values.yaml @@ -52,7 +52,8 @@ actual: - actual.alexlebens.net rules: - backendRefs: - - port: 80 + - name: actual + port: 80 matches: - path: type: PathPrefix -- 2.49.1 From aecd2804eb9c871cdcfef812bb8da7e95e66a8b4 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 16:46:59 -0500 Subject: [PATCH 3/7] feat: add sha to image tag --- clusters/cl01tl/helm/actual/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/actual/values.yaml b/clusters/cl01tl/helm/actual/values.yaml index cd114add5..1ade7d7d0 100644 --- a/clusters/cl01tl/helm/actual/values.yaml +++ b/clusters/cl01tl/helm/actual/values.yaml @@ -8,7 +8,7 @@ actual: main: image: repository: ghcr.io/actualbudget/actual - tag: 26.3.0 + tag: 26.3.0@sha256:eb8bc26f53025e07e464594c12d77c52c4b95840c8dadd9b95c4f0c4660f8ad2 env: - name: ACTUAL_PORT value: 5006 -- 2.49.1 From b1f38a5362d0ec3733096367e83ad16ebf8fc0ae Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Sun, 22 Mar 2026 18:34:23 -0500 Subject: [PATCH 4/7] feat: refactor argo-workflows --- .../cl01tl/helm/argo-workflows/Chart.yaml | 5 +- .../templates/external-secret.yaml | 6 -- .../argo-workflows/templates/http-route.yaml | 28 -------- .../cl01tl/helm/argo-workflows/values.yaml | 66 +++++++------------ 4 files changed, 26 insertions(+), 79 deletions(-) delete mode 100644 clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml diff --git a/clusters/cl01tl/helm/argo-workflows/Chart.yaml b/clusters/cl01tl/helm/argo-workflows/Chart.yaml index 10c59b31a..aced1f047 100644 --- a/clusters/cl01tl/helm/argo-workflows/Chart.yaml +++ b/clusters/cl01tl/helm/argo-workflows/Chart.yaml @@ -7,12 +7,13 @@ keywords: - argo-events - workflows - events -home: https://wiki.alexlebens.dev/s/a268508f-d81d-4b4b-8bd5-9058edaea635 +home: https://docs.alexlebens.dev/applications/argo-workflows/ sources: - https://github.com/argoproj/argo-workflows - https://github.com/argoproj/argo-events - https://github.com/cloudnative-pg/cloudnative-pg - - https://github.com/argoproj/argo-helm/tree/main/charts + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-workflows + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-events - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster maintainers: - name: alexlebens diff --git a/clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml b/clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml index a28701b32..4df0b3be5 100644 --- a/clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/argo-workflows/templates/external-secret.yaml 
@@ -14,15 +14,9 @@ spec: data: - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/argo-workflows - metadataPolicy: None property: secret - secretKey: client remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/argo-workflows - metadataPolicy: None property: client diff --git a/clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml b/clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml deleted file mode 100644 index d1bfaa142..000000000 --- a/clusters/cl01tl/helm/argo-workflows/templates/http-route.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: argo-workflows - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: argo-workflows - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - argo-workflows.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: argo-workflows-server - port: 2746 - weight: 100 diff --git a/clusters/cl01tl/helm/argo-workflows/values.yaml b/clusters/cl01tl/helm/argo-workflows/values.yaml index 2dbade056..7ebeeb0b9 100644 --- a/clusters/cl01tl/helm/argo-workflows/values.yaml +++ b/clusters/cl01tl/helm/argo-workflows/values.yaml @@ -2,8 +2,6 @@ argo-workflows: crds: install: true keep: true - # -- Use full CRDs with complete OpenAPI schemas. When false, uses minified CRDs with x-kubernetes-preserve-unknown-fields. - # Full CRDs are very large and are installed via a pre-install/pre-upgrade hook Job that uses server-side apply. full: true upgradeJob: image: 
@@ -13,11 +11,6 @@ argo-workflows: metricsConfig: enabled: true persistence: - connectionPool: - maxIdleConns: 100 - maxOpenConns: 0 - nodeStatusOffLoad: true - archive: true postgresql: host: argo-workflows-postgresql-18-cluster-rw port: 5432 @@ -32,24 +25,34 @@ argo-workflows: ssl: false sslMode: disable workflowWorkers: 2 - workflowTTLWorkers: 1 - podCleanupWorkers: 1 - cronWorkflowWorkers: 1 + workflowTTLWorkers: 2 + podCleanupWorkers: 2 + cronWorkflowWorkers: 2 resources: requests: cpu: 10m - memory: 128Mi + memory: 32Mi serviceMonitor: enabled: true - name: workflow-controller workflowNamespaces: - - argocd - argo-workflows server: authModes: - sso - ingress: - enabled: false + httproute: + enabled: true + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - argo-workflows.alexlebens.net + rules: + - matches: + - path: + type: PathPrefix + value: / sso: enabled: true issuer: https://authentik.alexlebens.net/application/o/argo-workflows/ @@ -66,15 +69,15 @@ argo-workflows: - openid - email - profile - useStaticCredentials: true - artifactRepository: - archiveLogs: false argo-events: + crds: + install: true + keep: true controller: resources: requests: cpu: 10m - memory: 128Mi + memory: 32Mi metrics: enabled: true serviceMonitor: @@ -84,7 +87,7 @@ argo-events: resources: requests: cpu: 10m - memory: 128Mi + memory: 32Mi postgres-18-cluster: mode: recovery recovery: 
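Review bot: Removing `archive: true` and `nodeStatusOffLoad: true` from the `persistence` block in the `@@ -13,11 +11,6 @@` hunk leaves the `postgresql` connection configured but, if the chart defaults for both flags are false (not visible here), nothing is written to it any more. The workflow archive is the durable record of past runs once the workflow objects themselves are cleaned up, so it is worth keeping for audit and incident review: `archive: true`. The surviving context also shows `ssl: false` / `sslMode: disable` for that connection; a comment stating that this is deliberate would help the next reader, e.g. `# in-cluster database service, TLS intentionally off`. The `persistence` block starts and ends outside the hunk.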
@@ -98,32 +101,9 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external -- 2.49.1 From e14a4cd90a0e80c1a0b4d2036240fa0cb714b426 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 19:52:41 -0500 Subject: [PATCH 5/7] feat: refactor argo-cd --- clusters/cl01tl/helm/argocd/Chart.yaml | 4 +- .../argocd/templates/external-secret.yaml | 18 --- clusters/cl01tl/helm/argocd/values.yaml | 107 ++++++++++++++++-- 3 files changed, 96 insertions(+), 33 deletions(-) diff --git a/clusters/cl01tl/helm/argocd/Chart.yaml b/clusters/cl01tl/helm/argocd/Chart.yaml index 6cf38ade3..3a08c6d02 100644 --- a/clusters/cl01tl/helm/argocd/Chart.yaml +++ b/clusters/cl01tl/helm/argocd/Chart.yaml @@ -4,10 +4,8 @@ version: 1.0.0 description: Argo CD keywords: - argo-cd - - delivery - deployment - - gitops -home: https://wiki.alexlebens.dev/s/8a75cf26-b9df-437e-9cc5-2ef47e871a5f +home: https://docs.alexlebens.dev/applications/argo-cd/ sources: - https://github.com/argoproj/argo-cd - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd 
diff --git a/clusters/cl01tl/helm/argocd/templates/external-secret.yaml b/clusters/cl01tl/helm/argocd/templates/external-secret.yaml index 03ac12a9d..6881a10f1 100644 --- a/clusters/cl01tl/helm/argocd/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/argocd/templates/external-secret.yaml @@ -14,17 +14,11 @@ spec: data: - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/argocd - metadataPolicy: None property: secret - secretKey: client remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/argocd - metadataPolicy: None property: client --- @@ -44,10 +38,7 @@ spec: data: - secretKey: ntfy-token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /ntfy/user/cl01tl - metadataPolicy: None property: token --- @@ -67,22 +58,13 @@ spec: data: - secretKey: type remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/argocd/credentials/repo/infrastructure - metadataPolicy: None property: type - secretKey: url remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/argocd/credentials/repo/infrastructure - metadataPolicy: None property: url - secretKey: sshPrivateKey remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/argocd/credentials/repo/infrastructure - metadataPolicy: None property: sshPrivateKey diff --git a/clusters/cl01tl/helm/argocd/values.yaml b/clusters/cl01tl/helm/argocd/values.yaml index 9f7eab2f7..62feaf6d0 100644 --- a/clusters/cl01tl/helm/argocd/values.yaml +++ b/clusters/cl01tl/helm/argocd/values.yaml @@ -1,12 +1,11 @@ argo-cd: crds: install: true + keep: true configs: cm: admin.enabled: true accounts.homepage: apiKey - timeout.reconciliation: 100s - timeout.reconciliation.jitter: 60s url: https://argocd.alexlebens.net statusbadge.url: https://argocd.alexlebens.net/ statusbadge.enabled: true 
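Review bot: `admin.enabled: true` under `configs.cm` is carried through this refactor (context of the `@@ -1,12 +1,11 @@` values.yaml hunk) although the same file enables Dex further down, so the built-in admin account stays available as a password-only login beside SSO. If SSO login is confirmed working, I would set `admin.enabled: false` and keep the read-only `homepage` API-key account as the only local account. If the admin account is kept on purpose as a break-glass login, say so in a comment: `# break-glass local admin; password kept in <secret-store-path>`. The `cm` mapping continues outside the hunk.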
@@ -33,12 +32,47 @@ argo-cd: g, homepage, role:readonly controller: replicas: 1 + resources: + requests: + cpu: 15m + memory: 1Gi metrics: enabled: true serviceMonitor: enabled: true + rules: + enabled: true + spec: + - alert: ArgoAppMissing + expr: | + absent(argocd_app_info) == 1 + for: 15m + labels: + severity: critical + annotations: + summary: "[Argo CD] No reported applications" + description: > + Argo CD has not reported any applications data for the past 15 minutes which + means that it must be down or not functioning properly. This needs to be + resolved for this cloud to continue to maintain state. + - alert: ArgoAppNotSynced + expr: | + argocd_app_info{sync_status!="Synced"} == 1 + for: 12h + labels: + severity: warning + annotations: + summary: "[{{`{{$labels.name}}`}}] Application not synchronized" + description: > + The application [{{`{{$labels.name}}`}} has not been synchronized for over + 12 hours which means that the state of this cloud has drifted away from the + state inside Git. dex: enabled: true + resources: + requests: + cpu: 10m + memory: 64Mi metrics: enabled: true serviceMonitor: 
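Review bot: The `description` of the new `ArgoAppNotSynced` rule in the `@@ -33,12 +32,47 @@` hunk opens a square bracket before the application-name template and never closes it, unlike the `summary` line just above, so the rendered alert text will be malformed; add the missing `]` directly after the name template. The rule also fires for every application whose `sync_status` is not `Synced` for `12h`, which would include applications deliberately left on manual sync, if there are any; a label matcher excluding those would keep the warning meaningful. The `controller` block continues outside the hunk.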
@@ -49,13 +83,57 @@ argo-cd: enabled: true redis-ha: enabled: true + image: + repository: redis + tag: 8.6.1@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0 + persistentVolume: + enabled: true + redis: + resources: + requests: + cpu: 1000m + memory: 64Mi + haproxy: + enabled: true + image: + repository: haproxy + tag: 3.0.19-alpine@sha256:ec781a129b8c4837c76fcb26f7b585708966873b536b9d7aa7cbcc342ae8a76f + resources: + requests: + cpu: 10m + memory: 128Mi + metrics: + enabled: true + serviceMonitor: + enabled: true + exporter: + enabled: true + image: ghcr.io/oliver006/redis_exporter + tag: v1.82.0@sha256:6a97d4dd743b533e1f950c677b87d880e44df363c61af3f406fc9e53ed65ee03 + serviceMonitor: + enabled: true + prometheusRule: + enabled: true + interval: 30s + rules: + - alert: RedisPodDown + expr: | + redis_up{job="{{ include "redis-ha.fullname" . }}"} == 0 + for: 5m + labels: + severity: critical + annotations: + description: Redis pod {{ "{{ $labels.pod }}" }} is down + summary: Redis pod {{ "{{ $labels.pod }}" }} is down auth: false redisSecretInit: enabled: false server: replicas: 2 - extensions: - enabled: false + resources: + requests: + cpu: 10m + memory: 64Mi metrics: enabled: true serviceMonitor: @@ -69,19 +147,22 @@ argo-cd: namespace: traefik hostnames: - argocd.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / repoServer: replicas: 2 + resources: + requests: + cpu: 10m + memory: 64Mi metrics: enabled: true serviceMonitor: enabled: true applicationSet: replicas: 2 + resources: + requests: + cpu: 10m + memory: 64Mi metrics: enabled: true serviceMonitor: @@ -91,9 +172,7 @@ argo-cd: readinessProbe: enabled: true notifications: - enabled: true - context: - argocdUrl: https://argocd.alexlebens.net + argocdUrl: https://argocd.alexlebens.net secret: create: false name: argocd-notifications-secret 
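Review bot: The `@@ -49,13 +83,57 @@` hunk adds an HAProxy front end and a metrics exporter to `redis-ha`, while the unchanged lines right after it still read `auth: false` and `redisSecretInit` / `enabled: false`, so each of these endpoints serves the Argo CD cache without a password. That cache holds rendered manifests and application state, and unless a NetworkPolicy (none is visible in this patch) limits who can reach the service, any workload in the cluster can read or alter it. I would turn authentication on with `auth: true`, take the password from a secret provisioned through the existing ExternalSecret mechanism, and give the exporter the same credential. The `redis-ha` block starts and ends outside the hunk.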
@@ -107,6 +186,10 @@ argo-cd: headers: - name: Authorization value: Bearer $ntfy-token + resources: + requests: + cpu: 10m + memory: 64Mi livenessProbe: enabled: true readinessProbe: -- 2.49.1 From 98fe52fbbced406140e4566076d8ad34ea33b2af Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Sun, 22 Mar 2026 20:01:21 -0500 Subject: [PATCH 6/7] feat: change probes --- clusters/cl01tl/helm/argocd/values.yaml | 34 +++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/clusters/cl01tl/helm/argocd/values.yaml b/clusters/cl01tl/helm/argocd/values.yaml index 62feaf6d0..be845ccc9 100644 --- a/clusters/cl01tl/helm/argocd/values.yaml +++ b/clusters/cl01tl/helm/argocd/values.yaml @@ -36,6 +36,12 @@ argo-cd: requests: cpu: 15m memory: 1Gi + readinessProbe: + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 metrics: enabled: true serviceMonitor: @@ -153,6 +159,20 @@ argo-cd: requests: cpu: 10m memory: 64Mi + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 metrics: enabled: true serviceMonitor: @@ -167,10 +187,20 @@ argo-cd: enabled: true serviceMonitor: enabled: true - livenessProbe: - enabled: true readinessProbe: enabled: true + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 60 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 notifications: argocdUrl: https://argocd.alexlebens.net secret: -- 2.49.1 From 07c7f3925c492e62afd58476a821d0b2a5b94088 Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Sun, 22 Mar 2026 20:09:44 -0500 Subject: [PATCH 7/7] feat: specify alpine --- clusters/cl01tl/helm/argocd/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/clusters/cl01tl/helm/argocd/values.yaml b/clusters/cl01tl/helm/argocd/values.yaml index be845ccc9..3aadbd496 100644 --- a/clusters/cl01tl/helm/argocd/values.yaml +++ b/clusters/cl01tl/helm/argocd/values.yaml @@ -91,7 +91,7 @@ argo-cd: enabled: true image: repository: redis - tag: 8.6.1@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0 + tag: 8.6.1-alpine@sha256:315270d166080f537bbdf1b489b603aaaa213cb55a544acfa51feb7481abb1c0 persistentVolume: enabled: true redis: -- 2.49.1
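Review bot: Only the tag text changes in this hunk; the digest after `@` is the same `sha256:315270d1…` on the removed and the added line. An image reference that carries a digest is resolved by that digest and the tag part is not consulted, so the pod keeps pulling exactly the image it pulled before, and the `-alpine` label is only accurate if that digest already was the Alpine build. If the intent is to move to the Alpine variant, the digest has to be replaced as well: `tag: 8.6.1-alpine@sha256:<digest-published-for-8.6.1-alpine>`. The haproxy and exporter tags added in PATCH 5/7 use the same tag-plus-digest form, so an automated updater that bumps both parts together would prevent this kind of drift.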