From 26a9b5983e1f8a3d676c0bc73ebb23a16c8817f9 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 26 Mar 2026 19:16:36 -0500 Subject: [PATCH 1/2] feat: refactor apps --- clusters/cl01tl/helm/eraser/Chart.yaml | 6 +-- clusters/cl01tl/helm/eraser/values.yaml | 47 +++++++------------ clusters/cl01tl/helm/excalidraw/Chart.yaml | 3 +- clusters/cl01tl/helm/excalidraw/values.yaml | 11 ++--- clusters/cl01tl/helm/external-dns/Chart.yaml | 4 +- .../templates/external-secret.yaml | 3 -- clusters/cl01tl/helm/external-dns/values.yaml | 26 ++++------ .../cl01tl/helm/external-secrets/Chart.yaml | 7 +-- .../cl01tl/helm/external-secrets/values.yaml | 44 +++++++++++++++++ renovate.json | 10 ++++ 10 files changed, 92 insertions(+), 69 deletions(-) create mode 100644 clusters/cl01tl/helm/external-secrets/values.yaml diff --git a/clusters/cl01tl/helm/eraser/Chart.yaml b/clusters/cl01tl/helm/eraser/Chart.yaml index 979d48cfd..385ea8034 100644 --- a/clusters/cl01tl/helm/eraser/Chart.yaml +++ b/clusters/cl01tl/helm/eraser/Chart.yaml @@ -5,10 +5,10 @@ description: Eraser keywords: - eraser - images - - kubernetes -home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377 +home: https://docs.alexlebens.dev/applications/eraser/ sources: - https://github.com/eraser-dev/eraser + - https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager - https://github.com/eraser-dev/eraser/tree/main/charts/eraser maintainers: - name: alexlebens @@ -16,6 +16,6 @@ dependencies: - name: eraser version: 1.4.1 repository: https://eraser-dev.github.io/eraser/charts -icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png +icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png # renovate: datasource=github-releases depName=eraser-dev/eraser appVersion: v1.4.1 diff --git a/clusters/cl01tl/helm/eraser/values.yaml b/clusters/cl01tl/helm/eraser/values.yaml index 6f6878688..612f7e910 100644 --- a/clusters/cl01tl/helm/eraser/values.yaml +++ b/clusters/cl01tl/helm/eraser/values.yaml @@ -1,50 +1,37 @@ eraser: runtimeConfig: - apiVersion: eraser.sh/v1alpha3 - kind: EraserConfig manager: - runtime: - name: containerd - address: unix:///run/containerd/containerd.sock - logLevel: info scheduling: repeatInterval: 24h beginImmediately: true - profile: - enabled: false - port: 6060 imageJob: - successRatio: 1.0 cleanup: delayOnSuccess: 0s delayOnFailure: 24h - nodeFilter: - type: exclude - selectors: - - eraser.sh/cleanup.filter - - kubernetes.io/os=windows components: collector: - enabled: true + image: + repo: ghcr.io/eraser-dev/collector + tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad request: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 20Mi scanner: enabled: false - request: - cpu: 100m - memory: 128Mi - config: "" remover: + image: + repo: ghcr.io/eraser-dev/remover + tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525 request: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 20Mi deploy: - securityContext: - allowPrivilegeEscalation: false + image: + repo: ghcr.io/eraser-dev/eraser-manager + tag: v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d resources: + limits: + memory: null requests: - cpu: 10m - memory: 30Mi - nodeSelector: - kubernetes.io/os: linux + cpu: 1m + memory: 20Mi diff --git a/clusters/cl01tl/helm/excalidraw/Chart.yaml b/clusters/cl01tl/helm/excalidraw/Chart.yaml index 26273b8e7..13b45d2b3 100644 --- a/clusters/cl01tl/helm/excalidraw/Chart.yaml +++ b/clusters/cl01tl/helm/excalidraw/Chart.yaml @@ -4,7 +4,8 @@ version: 1.0.0 description: Excalidraw keywords: - excalidraw -home: https://wiki.alexlebens.dev/ + - drawing +home: https://docs.alexlebens.dev/applications/eraser/ sources: - https://github.com/excalidraw/excalidraw - https://hub.docker.com/r/excalidraw/excalidraw diff --git a/clusters/cl01tl/helm/excalidraw/values.yaml b/clusters/cl01tl/helm/excalidraw/values.yaml index acfe34415..db5dee9bc 100644 --- a/clusters/cl01tl/helm/excalidraw/values.yaml +++ b/clusters/cl01tl/helm/excalidraw/values.yaml @@ -4,13 +4,11 @@ excalidraw: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: excalidraw/excalidraw tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c - pullPolicy: IfNotPresent env: - name: NODE_ENV value: production @@ -18,8 +16,8 @@ excalidraw: value: America/Chicago resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 10Mi service: main: controller: main @@ -40,11 +38,8 @@ excalidraw: - excalidraw.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: excalidraw + - name: excalidraw port: 80 - weight: 100 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/helm/external-dns/Chart.yaml b/clusters/cl01tl/helm/external-dns/Chart.yaml index f6d3ae7cf..ad40e676e 100644 --- a/clusters/cl01tl/helm/external-dns/Chart.yaml +++ b/clusters/cl01tl/helm/external-dns/Chart.yaml @@ -5,9 +5,7 @@ description: External DNS keywords: - external-dns - dns - - unifi - - kubernetes -home: https://wiki.alexlebens.dev/s/7b50e4da-5dc1-4f62-baf9-14b5fed64552 +home: https://docs.alexlebens.dev/applications/eraser/ sources: - https://github.com/kubernetes-sigs/external-dns - https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns diff --git a/clusters/cl01tl/helm/external-dns/templates/external-secret.yaml b/clusters/cl01tl/helm/external-dns/templates/external-secret.yaml index ba835545d..4cd51c9d8 100644 --- a/clusters/cl01tl/helm/external-dns/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/external-dns/templates/external-secret.yaml @@ -14,8 +14,5 @@ spec: data: - secretKey: api-key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /unifi/auth/cl01tl - metadataPolicy: None property: api-key diff --git a/clusters/cl01tl/helm/external-dns/values.yaml b/clusters/cl01tl/helm/external-dns/values.yaml index b0d6b8629..5ef934692 100644 --- a/clusters/cl01tl/helm/external-dns/values.yaml +++ b/clusters/cl01tl/helm/external-dns/values.yaml @@ -1,25 +1,27 @@ external-dns-unifi: fullnameOverride: external-dns-unifi + resources: + requests: + cpu: 1m + memory: 80Mi serviceMonitor: enabled: true - interval: 1m + interval: 360m sources: - - ingress - crd - gateway-httproute - gateway-tlsroute policy: sync - registry: txt txtOwnerId: default txtPrefix: k8s. domainFilters: ["alexlebens.net"] - excludeDomains: [] + excludeDomains: ["alexlebens.dev"] provider: name: webhook webhook: image: repository: ghcr.io/kashalls/external-dns-unifi-webhook - tag: v0.8.2 + tag: v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0 env: - name: UNIFI_HOST value: https://192.168.1.1 @@ -29,18 +31,6 @@ external-dns-unifi: name: external-dns-unifi-secret key: api-key - name: LOG_LEVEL - value: debug - livenessProbe: - httpGet: - path: /healthz - port: http-webhook - initialDelaySeconds: 10 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /readyz - port: http-webhook - initialDelaySeconds: 10 - timeoutSeconds: 5 + value: info extraArgs: - --ignore-ingress-tls-spec diff --git a/clusters/cl01tl/helm/external-secrets/Chart.yaml b/clusters/cl01tl/helm/external-secrets/Chart.yaml index 2853ec700..d6e1cf049 100644 --- a/clusters/cl01tl/helm/external-secrets/Chart.yaml +++ b/clusters/cl01tl/helm/external-secrets/Chart.yaml @@ -5,15 +5,16 @@ description: External Secrets keywords: - external-secrets - secrets - - vault -home: https://wiki.alexlebens.dev/s/d29044fb-0d63-4500-8853-2971964f356a + - operator +home: https://docs.alexlebens.dev/applications/eraser/ sources: - https://github.com/external-secrets/external-secrets - https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets dependencies: - name: external-secrets + alias: external-secrets version: 2.2.0 repository: https://charts.external-secrets.io -icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4 +icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png # renovate: datasource=github-releases depName=external-secrets/external-secrets appVersion: v2.2.0 diff --git a/clusters/cl01tl/helm/external-secrets/values.yaml b/clusters/cl01tl/helm/external-secrets/values.yaml new file mode 100644 index 000000000..7ba6711bb --- /dev/null +++ b/clusters/cl01tl/helm/external-secrets/values.yaml @@ -0,0 +1,44 @@ +external-secrets: + replicaCount: 1 + image: + repository: ghcr.io/external-secrets/external-secrets + tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565 + installCRDs: true + crds: + createClusterExternalSecret: true + createClusterSecretStore: true + createSecretStore: true + createClusterGenerator: true + createClusterPushSecret: true + createPushSecret: true + leaderElect: true + extendedMetricLabels: true + resources: + requests: + cpu: 5m + memory: 50Mi + serviceMonitor: + enabled: true + livenessProbe: + enabled: true + readinessProbe: + enabled: true + podDisruptionBudget: + enabled: true + minAvailable: 1 + webhook: + image: + repository: ghcr.io/external-secrets/external-secrets + tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565 + resources: + requests: + cpu: 1m + memory: 30Mi + certController: + image: + repository: ghcr.io/external-secrets/external-secrets + tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565 + resources: + requests: + cpu: 1m + memory: 60Mi diff --git a/renovate.json b/renovate.json index 758a5e79a..0e2ed3a99 100644 --- a/renovate.json +++ b/renovate.json @@ -188,6 +188,16 @@ "/^rook(-ceph|\\/rook|\\/ceph)/" ] }, + { + "description": "Open for digest updates, specific packages", + "matchUpdateTypes": [ + "digest" + ], + "matchPackageNames": [ + "excalidraw/excalidraw" + ], + "enabled": true + }, { "description": "Automerge digest updates, specific packages", "matchUpdateTypes": [ -- 2.49.1 From 289af251d61456c5d07931cfcd98221bc41b2093 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Thu, 26 Mar 2026 19:19:55 -0500 Subject: [PATCH 2/2] fix: add lock --- clusters/cl01tl/helm/external-secrets/Chart.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/clusters/cl01tl/helm/external-secrets/Chart.lock b/clusters/cl01tl/helm/external-secrets/Chart.lock index 00018c684..07622436a 100644 --- a/clusters/cl01tl/helm/external-secrets/Chart.lock +++ b/clusters/cl01tl/helm/external-secrets/Chart.lock @@ -2,5 +2,5 @@ dependencies: - name: external-secrets repository: https://charts.external-secrets.io version: 2.2.0 -digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4 -generated: "2026-03-20T20:53:08.407747649Z" +digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae +generated: "2026-03-26T19:19:15.734454-05:00" -- 2.49.1