alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 4 Actions Activity

feat: refactor apps #5172

Merged
alexlebens merged 2 commits from tmp/refactor-8 into main 2026-03-27 00:22:09 +00:00
Conversation 0 Commits 2 Files Changed 11 +94 -71
11 changed files with 94 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
clusters/cl01tl/helm/eraser/Chart.yaml
View File

@@ -5,10 +5,10 @@ description: Eraser
keywords:
- eraser
- images
- kubernetes
home: https://wiki.alexlebens.dev/s/bb53ffae-0eda-4ed6-9fdd-894e672b4377
home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/eraser-dev/eraser
- https://github.com/eraser-dev/eraser/pkgs/container/eraser-manager
- https://github.com/eraser-dev/eraser/tree/main/charts/eraser
maintainers:
- name: alexlebens
@@ -16,6 +16,6 @@ dependencies:
- name: eraser
version: 1.4.1
repository: https://eraser-dev.github.io/eraser/charts
icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/kubernetes.png
icon: https://raw.githubusercontent.com/eraser-dev/eraser/refs/heads/main/images/eraser-logo-color-1c.png
# renovate: datasource=github-releases depName=eraser-dev/eraser
appVersion: v1.4.1

47
clusters/cl01tl/helm/eraser/values.yaml
View File

@@ -1,50 +1,37 @@
eraser:
runtimeConfig:
apiVersion: eraser.sh/v1alpha3
kind: EraserConfig
manager:
runtime:
name: containerd
address: unix:///run/containerd/containerd.sock
logLevel: info
scheduling:
repeatInterval: 24h
beginImmediately: true
profile:
enabled: false
port: 6060
imageJob:
successRatio: 1.0
cleanup:
delayOnSuccess: 0s
delayOnFailure: 24h
nodeFilter:
type: exclude
selectors:
- eraser.sh/cleanup.filter
- kubernetes.io/os=windows
components:
collector:
enabled: true
image:
repo: ghcr.io/eraser-dev/collector
tag: v1.4.1@sha256:827588ff826c3558bf2c50b1fc94f20122b054dfcf3480c3ffe6f0bae25c3dad
request:
cpu: 10m
memory: 128Mi
cpu: 1m
memory: 20Mi
scanner:
enabled: false
request:
cpu: 100m
memory: 128Mi
config: ""
remover:
image:
repo: ghcr.io/eraser-dev/remover
tag: v1.4.1@sha256:e57592157d717588f69c011cd0b6ab783a19a53b447a5350b27e7e66aae67525
request:
cpu: 10m
memory: 128Mi
cpu: 1m
memory: 20Mi
deploy:
securityContext:
allowPrivilegeEscalation: false
image:
repo: ghcr.io/eraser-dev/eraser-manager
tag: v1.4.1@sha256:5f18fb7da4ccad93a8643ece496681f1489b0d7b0ce45e18a94774cf8b6a717d
resources:
limits:
memory: null
requests:
cpu: 10m
memory: 30Mi
nodeSelector:
kubernetes.io/os: linux
cpu: 1m
memory: 20Mi

3
clusters/cl01tl/helm/excalidraw/Chart.yaml
View File

@@ -4,7 +4,8 @@ version: 1.0.0
description: Excalidraw
keywords:
- excalidraw
home: https://wiki.alexlebens.dev/
- drawing
home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/excalidraw/excalidraw
- https://hub.docker.com/r/excalidraw/excalidraw

11
clusters/cl01tl/helm/excalidraw/values.yaml
View File

@@ -4,13 +4,11 @@ excalidraw:
type: deployment
replicas: 1
strategy: Recreate
revisionHistoryLimit: 3
containers:
main:
image:
repository: excalidraw/excalidraw
tag: latest@sha256:3c2513e830bb6e195147c05b34ecf8393d0ba2b1cc86e93b407a5777d6135c6c
pullPolicy: IfNotPresent
env:
- name: NODE_ENV
value: production
@@ -18,8 +16,8 @@ excalidraw:
value: America/Chicago
resources:
requests:
cpu: 10m
memory: 128Mi
cpu: 1m
memory: 10Mi
service:
main:
controller: main
@@ -40,11 +38,8 @@ excalidraw:
- excalidraw.alexlebens.net
rules:
- backendRefs:
- group: ''
kind: Service
name: excalidraw
- name: excalidraw
port: 80
weight: 100
matches:
- path:
type: PathPrefix

4
clusters/cl01tl/helm/external-dns/Chart.yaml
View File

@@ -5,9 +5,7 @@ description: External DNS
keywords:
- external-dns
- dns
- unifi
- kubernetes
home: https://wiki.alexlebens.dev/s/7b50e4da-5dc1-4f62-baf9-14b5fed64552
home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/kubernetes-sigs/external-dns
- https://github.com/kubernetes-sigs/external-dns/tree/master/charts/external-dns

3
clusters/cl01tl/helm/external-dns/templates/external-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data:
- secretKey: api-key
remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /unifi/auth/cl01tl
metadataPolicy: None
property: api-key

26
clusters/cl01tl/helm/external-dns/values.yaml
View File

@@ -1,25 +1,27 @@
external-dns-unifi:
fullnameOverride: external-dns-unifi
resources:
requests:
cpu: 1m
memory: 80Mi
serviceMonitor:
enabled: true
interval: 1m
interval: 360m
sources:
- ingress
- crd
- gateway-httproute
- gateway-tlsroute
policy: sync
registry: txt
txtOwnerId: default
txtPrefix: k8s.
domainFilters: ["alexlebens.net"]
excludeDomains: []
excludeDomains: ["alexlebens.dev"]
provider:
name: webhook
webhook:
image:
repository: ghcr.io/kashalls/external-dns-unifi-webhook
tag: v0.8.2
tag: v0.8.2@sha256:7f0ddbbc83a36a2a9d762e25eef9cafcb3adf0493068a27d72ae71087eafe6f0
env:
- name: UNIFI_HOST
value: https://192.168.1.1
@@ -29,18 +31,6 @@ external-dns-unifi:
name: external-dns-unifi-secret
key: api-key
- name: LOG_LEVEL
value: debug
livenessProbe:
httpGet:
path: /healthz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
readinessProbe:
httpGet:
path: /readyz
port: http-webhook
initialDelaySeconds: 10
timeoutSeconds: 5
value: info
extraArgs:
- --ignore-ingress-tls-spec

4
clusters/cl01tl/helm/external-secrets/Chart.lock
View File

@@ -2,5 +2,5 @@ dependencies:
- name: external-secrets
repository: https://charts.external-secrets.io
version: 2.2.0
digest: sha256:832fc3f8d3728bdea2b696a6044e4c18967cd9ab9c5cc74adbf40aaa270a84b4
generated: "2026-03-20T20:53:08.407747649Z"
digest: sha256:3894df20e1f3d56bc9789177181a84d8ae1402ef76ec6328e417ce5a568738ae
generated: "2026-03-26T19:19:15.734454-05:00"

7
clusters/cl01tl/helm/external-secrets/Chart.yaml
View File

@@ -5,15 +5,16 @@ description: External Secrets
keywords:
- external-secrets
- secrets
- vault
home: https://wiki.alexlebens.dev/s/d29044fb-0d63-4500-8853-2971964f356a
- operator
home: https://docs.alexlebens.dev/applications/eraser/
sources:
- https://github.com/external-secrets/external-secrets
- https://github.com/external-secrets/external-secrets/tree/main/deploy/charts/external-secrets
dependencies:
- name: external-secrets
alias: external-secrets
version: 2.2.0
repository: https://charts.external-secrets.io
icon: https://avatars.githubusercontent.com/u/68335991?s=48&v=4
icon: https://raw.githubusercontent.com/external-secrets/external-secrets/refs/heads/main/assets/eso-logo-large.png
# renovate: datasource=github-releases depName=external-secrets/external-secrets
appVersion: v2.2.0

44
clusters/cl01tl/helm/external-secrets/values.yaml Normal file
View File

@@ -0,0 +1,44 @@
external-secrets:
replicaCount: 1
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
installCRDs: true
crds:
createClusterExternalSecret: true
createClusterSecretStore: true
createSecretStore: true
createClusterGenerator: true
createClusterPushSecret: true
createPushSecret: true
leaderElect: true
extendedMetricLabels: true
resources:
requests:
cpu: 5m
memory: 50Mi
serviceMonitor:
enabled: true
livenessProbe:
enabled: true
readinessProbe:
enabled: true
podDisruptionBudget:
enabled: true
minAvailable: 1
webhook:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 30Mi
certController:
image:
repository: ghcr.io/external-secrets/external-secrets
tag: v2.2.0@sha256:876e627dbee5b0edd12da49b035469d12418cd6c3c4be5e383ae6a82e8bd4565
resources:
requests:
cpu: 1m
memory: 60Mi

10
renovate.json
View File

@@ -188,6 +188,16 @@
"/^rook(-ceph|\\/rook|\\/ceph)/"
]
},
{
"description": "Open for digest updates, specific packages",
"matchUpdateTypes": [
"digest"
],
"matchPackageNames": [
"excalidraw/excalidraw"
],
"enabled": true
},
{
"description": "Automerge digest updates, specific packages",
"matchUpdateTypes": [