diff --git a/clusters/cl01tl/helm/harbor/Chart.yaml b/clusters/cl01tl/helm/harbor/Chart.yaml
index 1856fe66d..9abe19b7f 100644
--- a/clusters/cl01tl/helm/harbor/Chart.yaml
+++ b/clusters/cl01tl/helm/harbor/Chart.yaml
@@ -4,15 +4,14 @@ version: 1.0.0 description: Harbor keywords: - harbor - - images - - cache - - kubernetes -home: https://wiki.alexlebens.dev/s/7e132c13-afee-48ec-b3dd-efd656d240c9 + - image-registry +home: https://docs.alexlebens.dev/applications/harbor/ sources: - https://github.com/goharbor - - https://github.com/cloudnative-pg/cloudnative-pg + - https://github.com/orgs/goharbor/packages - https://github.com/goharbor/harbor-helm - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey maintainers: - name: alexlebens dependencies:
diff --git a/clusters/cl01tl/helm/harbor/templates/external-secret.yaml b/clusters/cl01tl/helm/harbor/templates/external-secret.yaml
index 54eca6055..929669edf 100644
--- a/clusters/cl01tl/helm/harbor/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/harbor/templates/external-secret.yaml
@@ -14,85 +14,49 @@ spec: data: - secretKey: HARBOR_ADMIN_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/config - metadataPolicy: None property: admin-password - secretKey: secretKey remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/config - metadataPolicy: None property: secretKey - secretKey: CSRF_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/core - metadataPolicy: None property: CSRF_KEY - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/core - metadataPolicy: None property: secret - secretKey: tls.crt remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/core - metadataPolicy: None property: tls.crt - secretKey: tls.key remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/core - metadataPolicy: None property: tls.key - secretKey: JOBSERVICE_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/jobservice - metadataPolicy: None property: JOBSERVICE_SECRET - secretKey: REGISTRY_HTTP_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/registry - metadataPolicy: None property: REGISTRY_HTTP_SECRET - secretKey: REGISTRY_REDIS_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/registry - metadataPolicy: None property: REGISTRY_REDIS_PASSWORD - secretKey: REGISTRY_HTPASSWD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/registry - metadataPolicy: None property: REGISTRY_HTPASSWD - secretKey: REGISTRY_CREDENTIAL_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/harbor/registry - metadataPolicy: None property: REGISTRY_CREDENTIAL_PASSWORD - secretKey: REGISTRY_PASSWD remoteRef: - conversionStrategy: Default - decodingStrategy: 
None key: /cl01tl/harbor/registry - metadataPolicy: None property: REGISTRY_CREDENTIAL_PASSWORD
diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml
index 7ba5c83c0..07333fd8b 100644
--- a/clusters/cl01tl/helm/harbor/values.yaml
+++ b/clusters/cl01tl/helm/harbor/values.yaml
@@ -21,13 +21,9 @@ harbor: size: 100Gi existingSecretAdminPassword: harbor-secret existingSecretAdminPasswordKey: HARBOR_ADMIN_PASSWORD - internalTLS: - enabled: false ipFamily: ipv6: enabled: false - ipv4: - enabled: true updateStrategy: type: Recreate existingSecretSecretKey: harbor-secret
@@ -73,12 +69,12 @@ harbor: credentials: existingSecret: harbor-secret upload_purging: - enabled: true age: 72h - interval: 24h - dryrun: false trivy: enabled: true + image: + repository: ghcr.io/goharbor/trivy-adapter-photon + tag: v2.15.0@sha256:6fd6de9cfbbb04cb1d94722cfa01cf71b8994d3f9e7891d3b03a89a7536480ba database: type: external external:
@@ -109,32 +105,9 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 35 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external
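Review bot: In `harbor/templates/external-secret.yaml`, the last entry maps `secretKey: REGISTRY_PASSWD` to `property: REGISTRY_CREDENTIAL_PASSWORD`, the same remote property that the `REGISTRY_CREDENTIAL_PASSWORD` entry just above it reads, and nothing on the page says whether that is deliberate. If both keys are meant to carry one credential, a comment such as `# same value as REGISTRY_CREDENTIAL_PASSWORD; exposed under both key names on purpose` would stop a later rotation or cleanup from treating it as a copy-paste slip. The removed `conversionStrategy`, `decodingStrategy` and `metadataPolicy` lines carried what I understand to be the External Secrets defaults, so the synced Secret should be unchanged; a rendered diff is worth a look anyway, since this one Secret holds the admin password, the CSRF key and `tls.key`. The hunk starts at `data:` inside a `spec:` that begins outside it.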
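Review bot: In the first `harbor/values.yaml` hunk, removing `internalTLS: enabled: false` does not turn internal TLS on; it hands the setting to whatever the chart defaults to, which I believe is still disabled, so traffic between Harbor's components stays unencrypted inside the cluster and the file no longer says so. If that is the intended posture, a comment such as `# internalTLS: chart default (disabled); component traffic is plaintext in-cluster` keeps the decision visible and makes a future change of the chart default show up in review. The same reasoning applies to the dropped `ipv4: enabled: true`, with less at stake. The `harbor:` mapping begins and ends outside the hunk.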
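Review bot: In the second `harbor/values.yaml` hunk, `tag: v2.15.0@sha256:…` is resolved by digest alone at pull time, so the tag part becomes a label that nothing enforces; a later edit that bumps only `v2.15.0` would keep running the old image. A short comment above the key, for example `# tag is informational; the digest is what gets pulled, update both together`, would make that explicit, and the same applies to the digest pins added for headlamp and home-assistant in this commit. Overriding only the Trivy adapter also decouples its version from the Harbor release that the chart dependency ships, which is outside this hunk, so it is worth confirming the two still match.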
diff --git a/clusters/cl01tl/helm/headlamp/Chart.yaml b/clusters/cl01tl/helm/headlamp/Chart.yaml
index dc374f93e..2c382863a 100644
--- a/clusters/cl01tl/helm/headlamp/Chart.yaml
+++ b/clusters/cl01tl/helm/headlamp/Chart.yaml
@@ -5,8 +5,7 @@ description: Headlamp keywords: - headlamp - dashboard - - kubernetes -home: https://wiki.alexlebens.dev/s/6cc43960-78df-459d-aab6-433844249243 +home: https://docs.alexlebens.dev/applications/headlamp/ sources: - https://github.com/headlamp-k8s/headlamp - https://github.com/headlamp-k8s/headlamp/tree/main/charts/headlamp
diff --git a/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml b/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
index fc65d33d8..a9454d455 100644
--- a/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml
@@ -14,43 +14,25 @@ spec: data: - secretKey: OIDC_CLIENT_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/headlamp - metadataPolicy: None property: client - secretKey: OIDC_CLIENT_SECRET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/headlamp - metadataPolicy: None property: secret - secretKey: OIDC_ISSUER_URL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/headlamp - metadataPolicy: None property: issuer - secretKey: OIDC_SCOPES remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/headlamp - metadataPolicy: None property: scopes - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/headlamp - metadataPolicy: None property: validator-issuer-url - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/headlamp - metadataPolicy: None property: validator-client-id
diff --git a/clusters/cl01tl/helm/headlamp/templates/http-route.yaml b/clusters/cl01tl/helm/headlamp/templates/http-route.yaml
deleted file mode 100644
index cf866628f..000000000
--- a/clusters/cl01tl/helm/headlamp/templates/http-route.yaml
+++ /dev/null
@@ -1,28 +0,0 @@ -apiVersion: gateway.networking.k8s.io/v1 -kind: HTTPRoute -metadata: - name: headlamp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: headlamp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik - hostnames: - - headlamp.alexlebens.net - rules: - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - group: '' - kind: Service - name: headlamp - port: 80 - weight: 100
diff --git a/clusters/cl01tl/helm/headlamp/values.yaml b/clusters/cl01tl/helm/headlamp/values.yaml
index 49479cdce..f508ec630 100644
--- a/clusters/cl01tl/helm/headlamp/values.yaml
+++ b/clusters/cl01tl/helm/headlamp/values.yaml
@@ -1,5 +1,9 @@ headlamp: replicaCount: 2 + image: + registry: ghcr.io + repository: headlamp-k8s/headlamp + tag: v0.41.0@sha256:89c6c65810bfde61796483c93c70d659104355593792bf55cab680d685da8eeb config: oidc: secret:
@@ -10,10 +14,30 @@ headlamp: watchPlugins: true # Bypasses: https://github.com/kubernetes-sigs/headlamp/issues/4883 sessionTTL: null + httpRoute: + enabled: true + parentRefs: + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik + hostnames: + - headlamp.alexlebens.net + rules: + - matches: + - path: + type: PathPrefix + value: / + backendRefs: + - group: '' + kind: Service + name: headlamp + port: 80 + weight: 100 resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 80Mi pluginsManager: enabled: true securityContext:
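Review bot: In the second `headlamp/values.yaml` hunk, the `backendRefs` entry added under `httpRoute.rules` spells out `group: ''`, `kind: Service` and `weight: 100`, while the home-assistant values hunks in this same commit delete exactly those keys as redundant. With a single backend they change nothing here either, so `- name: headlamp` followed by `port: 80` would keep the two files consistent. Because this block replaces the deleted `templates/http-route.yaml`, it is worth rendering the chart once to confirm the generated HTTPRoute still carries the same hostname, parentRef and backend: this route is what publishes a cluster dashboard on the gateway, and how the chart consumes `rules` is not visible on this page. The enclosing `headlamp:` mapping extends beyond the hunk.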
diff --git a/clusters/cl01tl/helm/home-assistant/Chart.yaml b/clusters/cl01tl/helm/home-assistant/Chart.yaml
index b18d832b4..55417ee66 100644
--- a/clusters/cl01tl/helm/home-assistant/Chart.yaml
+++ b/clusters/cl01tl/helm/home-assistant/Chart.yaml
@@ -4,14 +4,13 @@ version: 1.0.0 description: Home Assistant keywords: - home-assistant - - home - - automation -home: https://wiki.alexlebens.dev/s/5462c17e-cd39-4082-ad01-94545a2fa3ca + - home-automation +home: https://docs.alexlebens.dev/applications/home-assistant/ sources: - - https://www.home-assistant.io/ - https://github.com/home-assistant/core - https://github.com/home-assistant/core/pkgs/container/home-assistant - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies:
diff --git a/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml b/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml
index 8831bf961..6d3825e20 100644
--- a/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml
@@ -14,17 +14,11 @@ spec: data: - secretKey: PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/home-assistant/code-server/auth - metadataPolicy: None property: PASSWORD - secretKey: SUDO_PASSWORD remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/home-assistant/code-server/auth - metadataPolicy: None property: SUDO_PASSWORD ---
@@ -44,8 +38,5 @@ spec: data: - secretKey: bearer-token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/home-assistant/auth - metadataPolicy: None property: bearer-token
diff --git a/clusters/cl01tl/helm/home-assistant/values.yaml b/clusters/cl01tl/helm/home-assistant/values.yaml
index 0e832ec7b..22cc8aa35 100644
--- a/clusters/cl01tl/helm/home-assistant/values.yaml
+++ b/clusters/cl01tl/helm/home-assistant/values.yaml
@@ -4,28 +4,29 @@ home-assistant: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: repository: ghcr.io/home-assistant/home-assistant - tag: 2026.3.4 - pullPolicy: IfNotPresent + tag: 2026.3.4@sha256:916682086154a7390114a9788782b8efb199852d4f7d47066722c2bc5d1829e6 env: - name: TZ - value: US/Central + value: America/Chicago resources: requests: - cpu: 50m - memory: 512Mi + cpu: 1m + memory: 400Mi code-server: image: repository: ghcr.io/linuxserver/code-server tag: 4.112.0@sha256:4bb5b8ad22268001687c047f0f04933799fb03df1eb0e1e266ba15ed2d9f4e8b - pullPolicy: IfNotPresent env: - name: TZ - value: US/Central + value: America/Chicago - name: PUID value: 1000 - name: PGID
@@ -35,10 +36,6 @@ home-assistant: envFrom: - secretRef: name: home-assistant-code-server-password-secret - resources: - requests: - cpu: 10m - memory: 128Mi service: main: controller: main
@@ -82,11 +79,8 @@ home-assistant: - home-assistant.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: home-assistant-main + - name: home-assistant-main port: 80 - weight: 100 matches: - path: type: PathPrefix
@@ -102,11 +96,8 @@ home-assistant: - home-assistant-code-server.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: home-assistant-code-server + - name: home-assistant-code-server port: 8443 - weight: 100 matches: - path: type: PathPrefix
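Review bot: In the first `home-assistant/values.yaml` hunk, the new `pod.securityContext` sets `fsGroup: 1000` with no comment saying which container it serves; it presumably lines up with the `PUID` of 1000 given to code-server later in the same hunk, and a line such as `# matches the PUID 1000 set on the code-server container` would record that. `fsGroupChangePolicy: OnRootMismatch` re-owns a volume only when its top-level directory does not already match, so files created deeper in the tree under another gid are left as they are. The block sets no `runAsNonRoot` or `runAsUser`; whether either image tolerates that is not visible here, so this is a question rather than a request. The `containers:` mapping continues beyond the hunk.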
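Review bot: In the second `home-assistant/values.yaml` hunk, deleting the `resources` block leaves the code-server container with no requests, and no limits are visible for it on this page, so nothing bounds what an interactive IDE session can take from the node it shares with Home Assistant. Keeping a small `requests.memory` and adding a `limits.memory` sized from observed usage would contain a runaway editor process or extension. That matters more for this container than for most, because it is published on the `home-assistant-code-server.alexlebens.net` route and, going by the external-secret hunks in this commit, is handed a `SUDO_PASSWORD`. The container definition starts before this hunk.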