diff --git a/clusters/cl01tl/helm/kiwix/Chart.yaml b/clusters/cl01tl/helm/kiwix/Chart.yaml index ece9f8d33..cfe8f357d 100644 --- a/clusters/cl01tl/helm/kiwix/Chart.yaml +++ b/clusters/cl01tl/helm/kiwix/Chart.yaml @@ -5,7 +5,7 @@ description: Kiwix keywords: - kiwix - wikipedia -home: https://wiki.alexlebens.dev/s/16eaaf92-3607-421f-bc66-cb3c39eeaea0 +home: https://docs.alexlebens.dev/applications/kiwix/ sources: - https://github.com/kiwix - https://github.com/kiwix/kiwix-tools/pkgs/container/kiwix-serve diff --git a/clusters/cl01tl/helm/kiwix/values.yaml b/clusters/cl01tl/helm/kiwix/values.yaml index d52506bbc..13a995e16 100644 --- a/clusters/cl01tl/helm/kiwix/values.yaml +++ b/clusters/cl01tl/helm/kiwix/values.yaml @@ -4,13 +4,11 @@ kiwix: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/kiwix/kiwix-serve - tag: 3.8.2 - pullPolicy: IfNotPresent + tag: 3.8.2@sha256:acdab28186a66b51bfd4202210c6732931ea95cf41c711148a0c9770b9fcc9e1 args: - '*.zim' env: @@ -18,8 +16,8 @@ kiwix: value: 8080 resources: requests: - cpu: 50m - memory: 512Mi + cpu: 1m + memory: 10Mi service: main: controller: main @@ -27,7 +25,6 @@ kiwix: http: port: 80 targetPort: 8080 - protocol: HTTP route: main: kind: HTTPRoute @@ -40,11 +37,8 @@ kiwix: - kiwix.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: kiwix + - name: kiwix port: 80 - weight: 100 matches: - path: type: PathPrefix diff --git a/clusters/cl01tl/helm/komodo/Chart.lock b/clusters/cl01tl/helm/komodo/Chart.lock index 4729458d2..3cd4194e9 100644 --- a/clusters/cl01tl/helm/komodo/Chart.lock +++ b/clusters/cl01tl/helm/komodo/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 4.6.2 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.10.0 + version: 7.11.1 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:c1bbed66c94b64ba44ef1caadf74d46d9bce551e37b62b1cd0a3af9b81046251 -generated: "2026-03-24T14:00:56.813765-05:00" +digest: sha256:9af0fa5ab5e1895e94d64ea5983b5ee58c8b4dd9c5c8ef8021c8c7f950fd54c4 +generated: "2026-04-02T20:28:17.818342-05:00" diff --git a/clusters/cl01tl/helm/komodo/Chart.yaml b/clusters/cl01tl/helm/komodo/Chart.yaml index b2f70ab8a..73a1e0ba8 100644 --- a/clusters/cl01tl/helm/komodo/Chart.yaml +++ b/clusters/cl01tl/helm/komodo/Chart.yaml @@ -4,16 +4,16 @@ version: 1.0.0 description: Komodo keywords: - komodo - - deployment - - dashboard - - docker-compose -home: https://wiki.alexlebens.dev/s/bb7eb683-b5c7-4f50-9f2c-e8e57dc67c81 + - docker-deployment +home: https://docs.alexlebens.dev/applications/komodo/ sources: - https://github.com/moghtech/komodo - - https://github.com/cloudnative-pg/cloudnative-pg + - https://github.com/FerretDB/FerretDB - https://github.com/moghtech/komodo/pkgs/container/komodo-core + - https://github.com/ferretdb/FerretDB/pkgs/container/ferretdb - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -23,7 +23,7 @@ dependencies: version: 4.6.2 - name: postgres-cluster alias: postgresql-17-fdb-cluster - version: 7.10.0 + version: 7.11.1 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-keys diff --git a/clusters/cl01tl/helm/komodo/templates/external-secret.yaml b/clusters/cl01tl/helm/komodo/templates/external-secret.yaml index 417ea260f..f9e7c9103 100644 --- a/clusters/cl01tl/helm/komodo/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/komodo/templates/external-secret.yaml @@ -14,38 +14,23 @@ spec: data: - secretKey: passkey remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/komodo/config - metadataPolicy: None property: passkey - secretKey: jwt remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/komodo/config - metadataPolicy: None property: jwt - secretKey: webhook remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/komodo/config - metadataPolicy: None property: webhook - secretKey: oidc-client-id remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/komodo - metadataPolicy: None property: client - secretKey: oidc-client-secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/komodo - metadataPolicy: None property: secret --- @@ -65,15 +50,9 @@ spec: data: - secretKey: uri remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/komodo/ferret - metadataPolicy: None property: uri - secretKey: password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/komodo/ferret - metadataPolicy: None property: password diff --git a/clusters/cl01tl/helm/komodo/values.yaml b/clusters/cl01tl/helm/komodo/values.yaml index a2f975157..87ac4897b 100644 --- a/clusters/cl01tl/helm/komodo/values.yaml +++ b/clusters/cl01tl/helm/komodo/values.yaml @@ -10,7 +10,6 @@ komodo: image: repository: ghcr.io/moghtech/komodo-core tag: 2.1.1@sha256:2bbbb1efd3534211dac35091e0818f10398d9bdd98fdbf0ddef09e9e0b5ec4ba - pullPolicy: IfNotPresent env: - name: COMPOSE_LOGGING_DRIVER value: local @@ -45,7 +44,7 @@ komodo: - name: KOMODO_LOCAL_AUTH value: true - name: KOMODO_ENABLE_NEW_USERS - value: true + value: false - name: KOMODO_DISABLE_NON_ADMIN_CREATE value: true - name: KOMODO_TRANSPARENT_MODE @@ -82,18 +81,16 @@ komodo: resources: requests: cpu: 10m - memory: 128Mi + memory: 80Mi ferretdb-2: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/ferretdb/ferretdb - tag: 2.7.0 - pullPolicy: IfNotPresent + tag: 2.7.0@sha256:5706414241eb84f0515512c37b46db0f1b1eac9e5ceb7e4c2523211c184b1985 env: - name: DB_USERNAME value: ferret @@ -106,8 +103,8 @@ komodo: value: postgresql://$(DB_USERNAME):$(DB_PASSWORD)@komodo-postgresql-17-fdb-cluster-rw.komodo.svc.cluster.local:5432/ferretDB resources: requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 20Mi service: main: controller: main @@ -115,14 +112,12 @@ komodo: http: port: 80 targetPort: 9120 - protocol: HTTP ferretdb-2: controller: ferretdb-2 ports: http: port: 27017 targetPort: 27017 - protocol: HTTP route: main: kind: HTTPRoute @@ -135,11 +130,8 @@ komodo: - komodo.alexlebens.net rules: - backendRefs: - - group: '' - kind: Service - name: komodo-main + - name: komodo-main port: 80 - weight: 100 matches: - path: type: PathPrefix @@ -150,7 +142,6 @@ komodo: storageClass: ceph-block accessMode: ReadWriteOnce size: 1Gi - retain: true advancedMounts: main: main: @@ -160,7 +151,6 @@ komodo: storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi - retain: true advancedMounts: main: main: @@ -170,7 +160,6 @@ komodo: storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi - retain: true advancedMounts: main: main: @@ -182,7 +171,7 @@ postgresql-17-fdb-cluster: cluster: image: repository: ghcr.io/ferretdb/postgres-documentdb - tag: "17-0.106.0-ferretdb-2.5.0" + tag: 17-0.107.0-ferretdb-2.7.0@sha256:2386795ec2aa7ae559304361979f1dc5708d383ee9020ae63dadc2940dfe58f7 postgresUID: 999 postgresGID: 999 postgresql: @@ -224,35 +213,12 @@ postgresql-17-fdb-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 50 14 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external volsync-target-keys: pvcTarget: komodo-keys local: diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock index b5f549834..06e4963c6 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock +++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: kube-prometheus-stack repository: oci://ghcr.io/prometheus-community/charts - version: 82.16.1 + version: 82.16.2 - name: app-template repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 - name: valkey repository: oci://harbor.alexlebens.net/helm-charts - version: 0.4.0 -digest: sha256:ece31be37d2fa7c7c59058e2d47e8190bea3baa742b4f04fe793956cd2d52f7f -generated: "2026-04-02T07:03:55.367235416Z" + version: 0.5.0 +digest: sha256:6f3598d0d38a17736419fe8d0e5e0899b774d91c38ef9a4f87743f81c729584c +generated: "2026-04-02T20:00:01.560565-05:00" diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml index 452314583..de3efe649 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml @@ -5,17 +5,15 @@ description: Kube Prometheus Stack keywords: - kube-prometheus-stack - prometheus - - alertmanager - - metrics - - alerts - - kubernetes -home: https://wiki.alexlebens.dev/s/cd9fc3a4-aa88-4285-8886-91a6c5aecf7d +home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/ sources: - https://github.com/prometheus/prometheus - https://github.com/prometheus-operator/kube-prometheus - - https://github.com/alexbakker/alertmanager-ntfy + - https://git.xenrox.net/~xenrox/ntfy-alertmanager/ + - https://hub.docker.com/r/xenrox/ntfy-alertmanager - https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack - https://github.com/bjw-s/helm-charts/blob/main/charts/other/app-template + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/valkey maintainers: - name: alexlebens dependencies: @@ -28,7 +26,7 @@ dependencies: version: 4.6.2 - name: valkey alias: valkey - version: 0.4.0 + version: 0.5.0 repository: oci://harbor.alexlebens.net/helm-charts icon: https://cdn.jsdelivr.net/gh/selfhst/icons/png/prometheus.png # renovate: datasource=github-releases depName=prometheus-operator/prometheus-operator diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml index 07406eb6f..f434f9f11 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml @@ -14,10 +14,7 @@ spec: data: - secretKey: ntfy_password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager - metadataPolicy: None property: ntfy_password --- @@ -37,10 +34,7 @@ spec: data: - secretKey: token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/token - metadataPolicy: None property: metric --- @@ -60,15 +54,9 @@ spec: data: - secretKey: ntfy_password remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager - metadataPolicy: None property: ntfy_password - secretKey: config remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager - metadataPolicy: None property: config diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml index d970441e8..cdb335750 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml @@ -9,10 +9,8 @@ kube-prometheus-stack: kubeSchedulerRecording: false global: rbac: - create: true createAggregateClusterRoles: true alertmanager: - enabled: true config: route: group_by: ["namespace", "alertname"] @@ -36,8 +34,6 @@ kube-prometheus-stack: route: main: enabled: true - apiVersion: gateway.networking.k8s.io/v1 - kind: HTTPRoute hostnames: - alertmanager.alexlebens.net parentRefs: @@ -45,14 +41,9 @@ kube-prometheus-stack: kind: Gateway name: traefik-gateway namespace: traefik - matches: - - path: - type: PathPrefix - value: / alertmanagerSpec: secrets: - alertmanager-config-secret - replicas: 1 grafana: enabled: false kubeApiServer: @@ -61,11 +52,13 @@ kube-prometheus-stack: kubeControllerManager: enabled: false kubeEtcd: - enabled: true service: selector: k8s-app: kube-controller-manager serviceMonitor: + metricRelabelings: + - action: labeldrop + regex: pod relabelings: - sourceLabels: [__meta_kubernetes_pod_node_name] separator: ; @@ -73,22 +66,12 @@ kube-prometheus-stack: targetLabel: nodename replacement: $1 action: replace - metricRelabelings: - - action: labeldrop - regex: pod kubeScheduler: enabled: false kubeProxy: enabled: false - kubeStateMetrics: - enabled: true - nodeExporter: - operatingSystems: - darwin: - enabled: false prometheusOperator: admissionWebhooks: - enabled: true annotations: argocd.argoproj.io/hook: PreSync argocd.argoproj.io/hook-delete-policy: HookSucceeded @@ -106,8 +89,6 @@ kube-prometheus-stack: route: main: enabled: true - apiVersion: gateway.networking.k8s.io/v1 - kind: HTTPRoute hostnames: - prometheus.alexlebens.net parentRefs: @@ -115,13 +96,10 @@ kube-prometheus-stack: kind: Gateway name: traefik-gateway namespace: traefik - matches: - - path: - type: PathPrefix - value: / prometheusSpec: scrapeInterval: 30s - retention: 30d + retention: 45d + retentionSize: 240GiB externalUrl: https://prometheus.alexlebens.net ruleSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false @@ -142,14 +120,11 @@ ntfy-alertmanager: main: type: deployment replicas: 1 - strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: xenrox/ntfy-alertmanager - tag: 1.0.0 - pullPolicy: IfNotPresent + tag: 1.0.0@sha256:81788c7905774b7b0b2ed6833b2bc4826a90a42e4b738706edcedd5f489e7a73 service: main: controller: main @@ -157,7 +132,6 @@ ntfy-alertmanager: http: port: 80 targetPort: 8080 - protocol: HTTP persistence: config: enabled: true