alexlebens/infrastructure
1
0
Fork 0
Code Issues 1 Pull Requests 6 Actions Activity

Automated Manifest Update #5276

Merged
alexlebens merged 3 commits from auto/update-manifests into manifests 2026-03-30 01:46:35 +00:00
Conversation 0 Commits 3 Files Changed 11 +24 -88
11 changed files with 24 additions and 88 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
clusters/cl01tl/manifests/harbor/ExternalSecret-harbor-secret.yaml
View File

@@ -14,85 +14,49 @@ spec:
data: data:
- secretKey: HARBOR_ADMIN_PASSWORD - secretKey: HARBOR_ADMIN_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config key: /cl01tl/harbor/config
metadataPolicy: None
property: admin-password property: admin-password
- secretKey: secretKey - secretKey: secretKey
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/config key: /cl01tl/harbor/config
metadataPolicy: None
property: secretKey property: secretKey
- secretKey: CSRF_KEY - secretKey: CSRF_KEY
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core key: /cl01tl/harbor/core
metadataPolicy: None
property: CSRF_KEY property: CSRF_KEY
- secretKey: secret - secretKey: secret
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core key: /cl01tl/harbor/core
metadataPolicy: None
property: secret property: secret
- secretKey: tls.crt - secretKey: tls.crt
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.crt property: tls.crt
- secretKey: tls.key - secretKey: tls.key
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/core key: /cl01tl/harbor/core
metadataPolicy: None
property: tls.key property: tls.key
- secretKey: JOBSERVICE_SECRET - secretKey: JOBSERVICE_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/jobservice key: /cl01tl/harbor/jobservice
metadataPolicy: None
property: JOBSERVICE_SECRET property: JOBSERVICE_SECRET
- secretKey: REGISTRY_HTTP_SECRET - secretKey: REGISTRY_HTTP_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTTP_SECRET property: REGISTRY_HTTP_SECRET
- secretKey: REGISTRY_REDIS_PASSWORD - secretKey: REGISTRY_REDIS_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_REDIS_PASSWORD property: REGISTRY_REDIS_PASSWORD
- secretKey: REGISTRY_HTPASSWD - secretKey: REGISTRY_HTPASSWD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_HTPASSWD property: REGISTRY_HTPASSWD
- secretKey: REGISTRY_CREDENTIAL_PASSWORD - secretKey: REGISTRY_CREDENTIAL_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD property: REGISTRY_CREDENTIAL_PASSWORD
- secretKey: REGISTRY_PASSWD - secretKey: REGISTRY_PASSWD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/harbor/registry key: /cl01tl/harbor/registry
metadataPolicy: None
property: REGISTRY_CREDENTIAL_PASSWORD property: REGISTRY_CREDENTIAL_PASSWORD

2
clusters/cl01tl/manifests/harbor/StatefulSet-harbor-trivy.yaml
View File

@@ -46,7 +46,7 @@ spec:
automountServiceAccountToken: false automountServiceAccountToken: false
containers: containers:
- name: trivy - name: trivy
image: goharbor/trivy-adapter-photon:v2.14.3 image: ghcr.io/goharbor/trivy-adapter-photon:v2.15.0@sha256:6fd6de9cfbbb04cb1d94722cfa01cf71b8994d3f9e7891d3b03a89a7536480ba
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false

6
clusters/cl01tl/manifests/headlamp/Deployment-headlamp.yaml
View File

@@ -32,7 +32,7 @@ spec:
runAsGroup: 101 runAsGroup: 101
runAsNonRoot: true runAsNonRoot: true
runAsUser: 100 runAsUser: 100
image: "ghcr.io/headlamp-k8s/headlamp:v0.41.0" image: "ghcr.io/headlamp-k8s/headlamp:v0.41.0@sha256:89c6c65810bfde61796483c93c70d659104355593792bf55cab680d685da8eeb"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
envFrom: envFrom:
- secretRef: - secretRef:
@@ -60,8 +60,8 @@ spec:
port: http port: http
resources: resources:
requests: requests:
cpu: 10m cpu: 1m
memory: 128Mi memory: 80Mi
volumeMounts: volumeMounts:
- name: plugins-dir - name: plugins-dir
mountPath: /headlamp/plugins mountPath: /headlamp/plugins

18
clusters/cl01tl/manifests/headlamp/ExternalSecret-headlamp-oidc-secret.yaml
View File

@@ -14,43 +14,25 @@ spec:
data: data:
- secretKey: OIDC_CLIENT_ID - secretKey: OIDC_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None
property: client property: client
- secretKey: OIDC_CLIENT_SECRET - secretKey: OIDC_CLIENT_SECRET
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None
property: secret property: secret
- secretKey: OIDC_ISSUER_URL - secretKey: OIDC_ISSUER_URL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None
property: issuer property: issuer
- secretKey: OIDC_SCOPES - secretKey: OIDC_SCOPES
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None
property: scopes property: scopes
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-issuer-url property: validator-issuer-url
- secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /authentik/oidc/headlamp key: /authentik/oidc/headlamp
metadataPolicy: None
property: validator-client-id property: validator-client-id

16
clusters/cl01tl/manifests/headlamp/HTTPRoute-headlamp.yaml
View File

@@ -4,9 +4,11 @@ metadata:
name: headlamp name: headlamp
namespace: headlamp namespace: headlamp
labels: labels:
helm.sh/chart: headlamp-0.41.0
app.kubernetes.io/name: headlamp app.kubernetes.io/name: headlamp
app.kubernetes.io/instance: headlamp app.kubernetes.io/instance: headlamp
app.kubernetes.io/part-of: headlamp app.kubernetes.io/version: "0.41.0"
app.kubernetes.io/managed-by: Helm
spec: spec:
parentRefs: parentRefs:
- group: gateway.networking.k8s.io - group: gateway.networking.k8s.io
@@ -16,13 +18,13 @@ spec:
hostnames: hostnames:
- headlamp.alexlebens.net - headlamp.alexlebens.net
rules: rules:
- matches: - backendRefs:
- path: - group: ""
type: PathPrefix
value: /
backendRefs:
- group: ''
kind: Service kind: Service
name: headlamp name: headlamp
port: 80 port: 80
weight: 100 weight: 100
matches:
- path:
type: PathPrefix
value: /

19
clusters/cl01tl/manifests/home-assistant/Deployment-home-assistant.yaml
View File

@@ -29,6 +29,9 @@ spec:
enableServiceLinks: false enableServiceLinks: false
serviceAccountName: default serviceAccountName: default
automountServiceAccountToken: true automountServiceAccountToken: true
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
hostIPC: false hostIPC: false
hostNetwork: false hostNetwork: false
hostPID: false hostPID: false
@@ -36,7 +39,7 @@ spec:
containers: containers:
- env: - env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
- name: PUID - name: PUID
value: "1000" value: "1000"
- name: PGID - name: PGID
@@ -47,25 +50,19 @@ spec:
- secretRef: - secretRef:
name: home-assistant-code-server-password-secret name: home-assistant-code-server-password-secret
image: ghcr.io/linuxserver/code-server:4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b image: ghcr.io/linuxserver/code-server:4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b
imagePullPolicy: IfNotPresent
name: code-server name: code-server
resources:
requests:
cpu: 10m
memory: 128Mi
volumeMounts: volumeMounts:
- mountPath: /config/home-assistant - mountPath: /config/home-assistant
name: config name: config
- env: - env:
- name: TZ - name: TZ
value: US/Central value: America/Chicago
image: ghcr.io/home-assistant/home-assistant:2026.3.4 image: ghcr.io/home-assistant/home-assistant:2026.3.4@sha256:916682086154a7390114a9788782b8efb199852d4f7d47066722c2bc5d1829e6
imagePullPolicy: IfNotPresent
name: main name: main
resources: resources:
requests: requests:
cpu: 50m cpu: 1m
memory: 512Mi memory: 400Mi
volumeMounts: volumeMounts:
- mountPath: /config - mountPath: /config
name: config name: config

6
clusters/cl01tl/manifests/home-assistant/ExternalSecret-home-assistant-code-server-password-secret.yaml
View File

@@ -14,15 +14,9 @@ spec:
data: data:
- secretKey: PASSWORD - secretKey: PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: PASSWORD property: PASSWORD
- secretKey: SUDO_PASSWORD - secretKey: SUDO_PASSWORD
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/code-server/auth key: /cl01tl/home-assistant/code-server/auth
metadataPolicy: None
property: SUDO_PASSWORD property: SUDO_PASSWORD

3
clusters/cl01tl/manifests/home-assistant/ExternalSecret-home-assistant-token-secret.yaml
View File

@@ -14,8 +14,5 @@ spec:
data: data:
- secretKey: bearer-token - secretKey: bearer-token
remoteRef: remoteRef:
conversionStrategy: Default
decodingStrategy: None
key: /cl01tl/home-assistant/auth key: /cl01tl/home-assistant/auth
metadataPolicy: None
property: bearer-token property: bearer-token

2
clusters/cl01tl/manifests/home-assistant/HTTPRoute-home-assistant-code-server.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: home-assistant-code-server name: home-assistant-code-server
namespace: home-assistant namespace: home-assistant
port: 8443 port: 8443
weight: 100 weight: 1
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

2
clusters/cl01tl/manifests/home-assistant/HTTPRoute-home-assistant-main.yaml
View File

@@ -23,7 +23,7 @@ spec:
name: home-assistant-main name: home-assistant-main
namespace: home-assistant namespace: home-assistant
port: 80 port: 80
weight: 100 weight: 1
matches: matches:
- path: - path:
type: PathPrefix type: PathPrefix

2
clusters/cl01tl/manifests/postiz/Deployment-postiz.yaml
View File

@@ -92,7 +92,7 @@ spec:
name: postiz-oidc-secret name: postiz-oidc-secret
- name: POSTIZ_OAUTH_SCOPE - name: POSTIZ_OAUTH_SCOPE
value: openid profile email value: openid profile email
image: ghcr.io/gitroomhq/postiz-app:v2.21.2 image: ghcr.io/gitroomhq/postiz-app:v2.21.4
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: main name: main
resources: resources: