diff --git a/clusters/cl01tl/helm/harbor/Chart.lock b/clusters/cl01tl/helm/harbor/Chart.lock index d51266709..bd2dde348 100644 --- a/clusters/cl01tl/helm/harbor/Chart.lock +++ b/clusters/cl01tl/helm/harbor/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 1.18.3 - name: postgres-cluster repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm - version: 7.11.1 + version: 7.11.2 - name: valkey repository: oci://harbor.alexlebens.net/helm-charts version: 0.5.0 -digest: sha256:fb17e2bad9c3a303da2b9d65ee5bd082a58ca6a5cee17d337e2536747982aa2c -generated: "2026-03-31T18:38:15.510833-05:00" +digest: sha256:2ef60d6315a21e0d92970570630cc74720643e7e51e0574107249684ddc2fab5 +generated: "2026-04-07T20:36:47.509644-05:00" diff --git a/clusters/cl01tl/helm/harbor/Chart.yaml b/clusters/cl01tl/helm/harbor/Chart.yaml index b33f80019..63e334af9 100644 --- a/clusters/cl01tl/helm/harbor/Chart.yaml +++ b/clusters/cl01tl/helm/harbor/Chart.yaml @@ -20,7 +20,7 @@ dependencies: repository: https://helm.goharbor.io - name: postgres-cluster alias: postgres-18-cluster - version: 7.11.1 + version: 7.11.2 repository: https://gitea.alexlebens.net/api/packages/alexlebens/helm - name: valkey alias: valkey diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml index 733c1fd66..f9df5ed51 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/Chart.yaml @@ -5,6 +5,7 @@ description: Kube Prometheus Stack keywords: - kube-prometheus-stack - prometheus + - metrics home: https://docs.alexlebens.dev/applications/kube-prometheus-stack/ sources: - https://github.com/prometheus/prometheus diff --git a/clusters/cl01tl/helm/s3-exporter/Chart.yaml b/clusters/cl01tl/helm/s3-exporter/Chart.yaml index 140cc39b7..01560fa99 100644 --- a/clusters/cl01tl/helm/s3-exporter/Chart.yaml +++ b/clusters/cl01tl/helm/s3-exporter/Chart.yaml 
@@ -5,6 +5,7 @@ description: S3 Exporter keywords: - s3-exporter - storage + - metrics home: https://docs.alexlebens.dev/applications/s3-exporter/ sources: - https://github.com/molu8bits/s3bucket_exporter diff --git a/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml b/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml index c5fa9a99d..82b9ab69e 100644 --- a/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml +++ b/clusters/cl01tl/helm/speedtest-exporter/Chart.yaml @@ -5,6 +5,7 @@ description: Speedtest Exporter keywords: - speedtest-exporter - internet-speed + - metrics home: https://docs.alexlebens.dev/applications/speedtest-exporter/ sources: - https://github.com/MiguelNdeCarvalho/speedtest-exporter diff --git a/clusters/cl01tl/helm/talos/values.yaml b/clusters/cl01tl/helm/talos/values.yaml index e0c1a7d70..ee9f3b707 100644 --- a/clusters/cl01tl/helm/talos/values.yaml +++ b/clusters/cl01tl/helm/talos/values.yaml @@ -376,7 +376,7 @@ etcd-defrag: cronjob: suspend: false timeZone: America/Chicago - schedule: "0 0 * * 0" + schedule: 0 0 * * 0 backoffLimit: 3 parallelism: 1 containers: @@ -404,7 +404,7 @@ etcd-defrag: cronjob: suspend: false timeZone: America/Chicago - schedule: "10 0 * * 0" + schedule: 10 0 * * 0 backoffLimit: 3 parallelism: 1 containers: @@ -432,7 +432,7 @@ etcd-defrag: cronjob: suspend: false timeZone: America/Chicago - schedule: "20 0 * * 0" + schedule: 20 0 * * 0 backoffLimit: 3 parallelism: 1 containers: diff --git a/clusters/cl01tl/helm/tdarr/values.yaml b/clusters/cl01tl/helm/tdarr/values.yaml index eab74a6d9..f6dba3916 100644 --- a/clusters/cl01tl/helm/tdarr/values.yaml +++ b/clusters/cl01tl/helm/tdarr/values.yaml @@ -12,7 +12,7 @@ tdarr: main: image: repository: ghcr.io/haveagitgat/tdarr - tag: 2.67.01@sha256:dc23becc667f77d2489b1042bd3af87fdd2fd85c2802e126928ef2ced9a8f560 + tag: 2.67.01@sha256:048ae8ed4de8e9f0de51ad739b2105bee3e4d1a8575120df468cec5f6ef2b1da env: - name: TZ value: America/Chicago 
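Review bot: The digest now pinned on `ghcr.io/haveagitgat/tdarr` in the `@@ -12,7 +12,7 @@` hunk of tdarr/values.yaml (`sha256:048ae8ed…`) is the one that was pinned on `ghcr.io/haveagitgat/tdarr_node` before this commit, and the `@@ -68,7 +68,7 @@` hunk of the same file does the reverse with `sha256:dc23becc…`. The tag stays `2.67.01` in both. A digest takes precedence over the tag at pull time, so a crossed pairing either fails to pull or runs an image other than the one `repository` names. The diff alone cannot show which of the two states was correct. Resolve `2.67.01` in each repository and compare it with the pinned value before merging, and consider a comment above each tag such as `# digest of ghcr.io/haveagitgat/tdarr:2.67.01` so that a future swap is visible in review.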
@@ -68,7 +68,7 @@ tdarr: main: image: repository: ghcr.io/haveagitgat/tdarr_node - tag: 2.67.01@sha256:048ae8ed4de8e9f0de51ad739b2105bee3e4d1a8575120df468cec5f6ef2b1da + tag: 2.67.01@sha256:dc23becc667f77d2489b1042bd3af87fdd2fd85c2802e126928ef2ced9a8f560 env: - name: TZ value: America/Chicago diff --git a/clusters/cl01tl/helm/unpackerr/Chart.yaml b/clusters/cl01tl/helm/unpackerr/Chart.yaml index f9f36a516..6111c5af3 100644 --- a/clusters/cl01tl/helm/unpackerr/Chart.yaml +++ b/clusters/cl01tl/helm/unpackerr/Chart.yaml @@ -6,7 +6,7 @@ keywords: - unpackerr - archive - servarr -home: https://wiki.alexlebens.dev/s/7d3193ee-4ca3-4477-bdb0-44f2258bc088 +home: https://docs.alexlebens.dev/applications/unpackerr/ sources: - https://github.com/Unpackerr/unpackerr - https://hub.docker.com/r/golift/unpackerr diff --git a/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml b/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml index caa831b9a..81e691f28 100644 --- a/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml 
@@ -14,57 +14,33 @@ spec: data: - secretKey: UN_SONARR_0_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/sonarr4/key - metadataPolicy: None property: key - secretKey: UN_SONARR_1_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/sonarr4-4k/key - metadataPolicy: None property: key - secretKey: UN_SONARR_2_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/sonarr4-anime/key - metadataPolicy: None property: key - secretKey: UN_RADARR_0_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/radarr5/key - metadataPolicy: None property: key - secretKey: UN_RADARR_1_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/radarr5-4k/key - metadataPolicy: None property: key - secretKey: UN_RADARR_2_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/radarr5-anime/key - metadataPolicy: None property: key - secretKey: UN_RADARR_3_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/radarr5-standup/key - metadataPolicy: None property: key - secretKey: UN_LIDARR_0_API_KEY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/lidarr2/key - metadataPolicy: None property: key diff --git a/clusters/cl01tl/helm/unpackerr/values.yaml b/clusters/cl01tl/helm/unpackerr/values.yaml index 9d2551fc9..378b9bca0 100644 --- a/clusters/cl01tl/helm/unpackerr/values.yaml +++ b/clusters/cl01tl/helm/unpackerr/values.yaml 
@@ -4,16 +4,18 @@ unpackerr: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 + pod: + securityContext: + fsGroup: 1000 + fsGroupChangePolicy: OnRootMismatch containers: main: image: repository: golift/unpackerr - tag: 0.15.2 - pullPolicy: IfNotPresent + tag: 0.15.2@sha256:057e34740d26c34d81ec8e2faf8ec11f8dbfc77489b7a42826f52b37e5ee1b6c env: - name: TZ - value: US/Central + value: America/Chicago - name: UN_WEBSERVER_METRICS value: true - name: UN_SONARR_0_URL @@ -54,7 +56,7 @@ unpackerr: resources: requests: cpu: 10m - memory: 128Mi + memory: 10Mi persistence: storage: existingClaim: unpackerr-nfs-storage diff --git a/clusters/cl01tl/helm/unpoller/Chart.yaml b/clusters/cl01tl/helm/unpoller/Chart.yaml index 9db0a07a0..243b79c33 100644 --- a/clusters/cl01tl/helm/unpoller/Chart.yaml +++ b/clusters/cl01tl/helm/unpoller/Chart.yaml @@ -5,9 +5,8 @@ description: Unpoller keywords: - unpoller - ubiquiti - - unifi - metrics -home: https://wiki.alexlebens.dev/s/cac4e7b1-3d8e-4a32-993c-c6b3f1d2c344 +home: https://docs.alexlebens.dev/applications/unpoller/ sources: - https://github.com/unpoller/unpoller - https://github.com/unpoller/unpoller/pkgs/container/unpoller @@ -19,6 +18,6 @@ dependencies: alias: unpoller repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 -icon: https://camo.githubusercontent.com/c5d07a5b3acfeac8e1c25bf56f440ffe032b86e4e7f15de82357f022a43fc927/68747470733a2f2f756e706f6c6c65722e636f6d2f696d672f6c6f676f2e706e67 +icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/ubiquiti-unifi.png # renovate: datasource=github-releases depName=unpoller/unpoller appVersion: v2.39.0 diff --git a/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml b/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml index ac23d4f6b..9e355be95 100644 --- a/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml 
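Review bot: The new `pod.securityContext` in the `@@ -4,16 +4,18 @@` hunk of unpackerr/values.yaml sets only `fsGroup` and `fsGroupChangePolicy`, which governs volume group ownership but does not stop the container from running as root if that is the image default. Nothing visible here sets a user or forbids root, so I would add `runAsNonRoot: true`, `runAsUser: 1000` and `runAsGroup: 1000` next to `fsGroup: 1000`, provided the image works under that UID. The `containers` block continues outside the hunk, so a container-level `securityContext` may already cover this.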
@@ -14,15 +14,9 @@ spec: data: - secretKey: UP_UNIFI_CONTROLLER_0_USER remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /unifi/auth/cl01tl - metadataPolicy: None property: user - secretKey: UP_UNIFI_CONTROLLER_0_PASS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /unifi/auth/cl01tl - metadataPolicy: None property: password diff --git a/clusters/cl01tl/helm/unpoller/values.yaml b/clusters/cl01tl/helm/unpoller/values.yaml index 3ff5102bb..3c3caf9d1 100644 --- a/clusters/cl01tl/helm/unpoller/values.yaml +++ b/clusters/cl01tl/helm/unpoller/values.yaml @@ -4,16 +4,14 @@ unpoller: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/unpoller/unpoller - tag: v2.39.0 - pullPolicy: IfNotPresent + tag: v2.39.0@sha256:1cf63ad43121acc6995da1bd636063de9023b4bfc16599a4297951a6fb6b7fd2 env: - name: UP_UNIFI_CONTROLLER_0_SAVE_ALARMS - value: 'false' + value: 'true' - name: UP_UNIFI_CONTROLLER_0_SAVE_ANOMALIES value: 'false' - name: UP_UNIFI_CONTROLLER_0_SAVE_DPI @@ -21,7 +19,7 @@ unpoller: - name: UP_UNIFI_CONTROLLER_0_SAVE_EVENTS value: 'false' - name: UP_UNIFI_CONTROLLER_0_SAVE_IDS - value: 'false' + value: 'true' - name: UP_UNIFI_CONTROLLER_0_SAVE_SITES value: 'true' - name: UP_UNIFI_CONTROLLER_0_URL @@ -44,7 +42,7 @@ unpoller: resources: requests: cpu: 10m - memory: 64Mi + memory: 20Mi service: main: controller: main @@ -52,7 +50,6 @@ unpoller: metrics: port: 9130 targetPort: 9130 - protocol: TCP serviceMonitor: main: selector: diff --git a/clusters/cl01tl/helm/vault/Chart.yaml b/clusters/cl01tl/helm/vault/Chart.yaml index 646b12b0d..448e40fba 100644 --- a/clusters/cl01tl/helm/vault/Chart.yaml +++ b/clusters/cl01tl/helm/vault/Chart.yaml 
@@ -5,7 +5,7 @@ description: Vault keywords: - vault - secrets -home: https://wiki.alexlebens.dev/s/5e40fae1-53a5-4bd0-9953-6fcbe88f1987 +home: https://docs.alexlebens.dev/applications/vault/ sources: - https://github.com/hashicorp/vault - https://github.com/Angatar/s3cmd @@ -29,6 +29,6 @@ dependencies: alias: unseal repository: https://bjw-s-labs.github.io/helm-charts/ version: 4.6.2 -icon: https://raw.githubusercontent.com/walkxcode/dashboard-icons/main/png/vault.png +icon: https://cdn.jsdelivr.net/gh/selfhst/icons@main/png/hashicorp-vault.png # renovate: datasource=github-releases depName=hashicorp/vault appVersion: 1.21.4 diff --git a/clusters/cl01tl/helm/vault/templates/external-secret.yaml b/clusters/cl01tl/helm/vault/templates/external-secret.yaml index 79fc891f4..70ee24901 100644 --- a/clusters/cl01tl/helm/vault/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/vault/templates/external-secret.yaml @@ -14,17 +14,11 @@ spec: data: - secretKey: VAULT_APPROLE_ROLE_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/snapshot - metadataPolicy: None property: VAULT_APPROLE_ROLE_ID - secretKey: VAULT_APPROLE_SECRET_ID remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/snapshot - metadataPolicy: None property: VAULT_APPROLE_SECRET_ID --- @@ -44,17 +38,11 @@ spec: data: - secretKey: .s3cfg remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/vault-backups - metadataPolicy: None property: s3cfg-local - secretKey: BUCKET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/vault-backups - metadataPolicy: None property: BUCKET --- 
@@ -74,17 +62,11 @@ spec: data: - secretKey: .s3cfg remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/vault-backups - metadataPolicy: None property: s3cfg-remote - secretKey: BUCKET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /garage/home-infra/vault-backups - metadataPolicy: None property: BUCKET --- @@ -104,17 +86,11 @@ spec: data: - secretKey: .s3cfg remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /digital-ocean/home-infra/vault-backup - metadataPolicy: None property: s3cfg - secretKey: BUCKET remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /digital-ocean/home-infra/vault-backup - metadataPolicy: None property: BUCKET --- @@ -134,24 +110,15 @@ spec: data: - secretKey: NTFY_TOKEN remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /ntfy/user/cl01tl - metadataPolicy: None property: token - secretKey: NTFY_ENDPOINT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /ntfy/user/cl01tl - metadataPolicy: None property: endpoint - secretKey: NTFY_TOPIC remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/snapshot - metadataPolicy: None property: NTFY_TOPIC --- 
@@ -171,66 +138,39 @@ spec: data: - secretKey: ENVIRONMENT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-1 - metadataPolicy: None property: NOTIFY_QUEUE_DELAY --- 
@@ -250,66 +190,39 @@ spec: data: - secretKey: ENVIRONMENT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-2 - metadataPolicy: None property: NOTIFY_QUEUE_DELAY --- 
@@ -329,66 +242,39 @@ spec: data: - secretKey: ENVIRONMENT remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: ENVIRONMENT - secretKey: CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: CHECK_INTERVAL - secretKey: MAX_CHECK_INTERVAL remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: MAX_CHECK_INTERVAL - secretKey: NODES remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: NODES - secretKey: TLS_SKIP_VERIFY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: TLS_SKIP_VERIFY - secretKey: TOKENS remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: TOKENS - secretKey: EMAIL_ENABLED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: EMAIL_ENABLED - secretKey: NOTIFY_MAX_ELAPSED remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: NOTIFY_MAX_ELAPSED - secretKey: NOTIFY_QUEUE_DELAY remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/unseal/config-3 - metadataPolicy: None property: NOTIFY_QUEUE_DELAY --- 
@@ -408,43 +294,25 @@ spec: data: - secretKey: token remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: token - secretKey: unseal_key_1 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_1 - secretKey: unseal_key_2 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_2 - secretKey: unseal_key_3 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_3 - secretKey: unseal_key_4 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_4 - secretKey: unseal_key_5 remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /cl01tl/vault/token - metadataPolicy: None property: unseal_key_5 diff --git a/clusters/cl01tl/helm/vault/templates/http-route.yaml b/clusters/cl01tl/helm/vault/templates/http-route.yaml index efc9bdf25..8d64a8846 100644 --- a/clusters/cl01tl/helm/vault/templates/http-route.yaml +++ b/clusters/cl01tl/helm/vault/templates/http-route.yaml @@ -25,4 +25,3 @@ spec: kind: Service name: vault-active port: 8200 - weight: 100 diff --git a/clusters/cl01tl/helm/vault/values.yaml b/clusters/cl01tl/helm/vault/values.yaml index 53e941c29..8450adb0b 100644 --- a/clusters/cl01tl/helm/vault/values.yaml +++ b/clusters/cl01tl/helm/vault/values.yaml @@ -1,9 +1,5 @@ vault: global: - enabled: true - tlsDisable: true - psp: - enable: false serverTelemetry: prometheusOperator: true injector: 
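Review bot: The ExternalSecret in the `@@ -408,43 +294,25 @@` hunk of vault/templates/external-secret.yaml still maps `token` and `unseal_key_1` through `unseal_key_5` from the single remote key `/cl01tl/vault/token` into one Kubernetes Secret; the commit only strips the defaulted `remoteRef` fields. With every share and the token readable in one place, the key split adds no protection, because read access to that Secret or to that path is enough to unseal Vault. If `token` is a root token (the diff does not say), it is better revoked after initial setup and regenerated only when needed. I would at least add a comment above the `data:` list naming the workload that consumes this Secret, and restrict `get` on it to that service account. The resource's metadata and target lie outside the hunk.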
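Review bot: Dropping `tlsDisable: true` under `global` in the `@@ -1,9 +1,5 @@` hunk of vault/values.yaml does not turn TLS on if the chart's own default for `global.tlsDisable` is also `true`, which I believe is the case for the HashiCorp chart. If so, the listener on port 8200 that the HTTPRoute targets remains plaintext inside the cluster, and the removal hides a security-relevant setting rather than changing it. I would keep the key explicit with a comment, for example `tlsDisable: true  # listener on 8200 is plaintext inside the cluster`, or set it to `false` and configure a TLS listener. The listener stanza of the raft `config` is not visible in this diff, so confirm against the rendered ConfigMap.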
@@ -12,23 +8,14 @@ vault: enabled: true image: repository: hashicorp/vault - tag: 1.21.4 - updateStrategyType: "RollingUpdate" - logLevel: debug - logFormat: standard + tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 + updateStrategyType: RollingUpdate resources: requests: cpu: 50m - memory: 512Mi - ingress: - enabled: false - route: - enabled: false + memory: 90Mi authDelegator: enabled: false - readinessProbe: - enabled: true - port: 8200 livenessProbe: enabled: false volumes: @@ -39,43 +26,17 @@ vault: - mountPath: /opt/backups/ name: vault-storage-backup readOnly: false - affinity: | - podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "vault.name" . }} - app.kubernetes.io/instance: "{{ .Release.Name }}" - component: server - topologyKey: kubernetes.io/hostname - networkPolicy: - enabled: false - service: - enabled: true - active: - enabled: true - standby: - enabled: false - type: ClusterIP - port: 8200 - targetPort: 8200 dataStorage: - enabled: true size: 1Gi - mountPath: "/vault/data" - accessMode: ReadWriteOnce + storageClass: ceph-block auditStorage: - enabled: false + enabled: true size: 5Gi - mountPath: "/vault/audit" - accessMode: ReadWriteOnce - dev: - enabled: false + storageClass: ceph-block standalone: enabled: false ha: enabled: true - replicas: 3 raft: enabled: true config: | 
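Review bot: Setting `auditStorage.enabled: true` in the `@@ -39,43 +26,17 @@` hunk only provisions and mounts the audit volume; no audit record is written until a file audit device is enabled in Vault itself, and nothing in the visible part of the values does that. Once a device is enabled, Vault refuses requests when it cannot write to any audit device, so the 5Gi volume needs rotation or a usage alert. A comment above the key would capture both, for example `# PVC only: enable the file audit device in Vault and alert on volume usage`. Separately, adding `storageClass` and a second claim changes the StatefulSet's volume claim templates, which Kubernetes does not allow to be updated in place, so check how the rollout handles that. The `server` block starts before the hunk and the raft `config` continues after it.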
@@ -109,30 +70,12 @@ vault: prometheus_retention_time = "30s" disable_hostname = true } - disruptionBudget: enabled: true - maxUnavailable: null - serviceAccount: - create: true - serviceDiscovery: - enabled: true - hostNetwork: false - ui: - enabled: true - publishNotReadyAddresses: true - activeVaultPodOnly: false - serviceType: "ClusterIP" - serviceNodePort: null - externalPort: 8200 - targetPort: 8200 - csi: - enabled: false + maxUnavailable: 1 serverTelemetry: serviceMonitor: enabled: true - interval: 30s - scrapeTimeout: 10s prometheusRules: enabled: true rules: @@ -158,20 +101,15 @@ snapshot: type: cronjob cronjob: suspend: false - concurrencyPolicy: Forbid - timeZone: US/Central + timeZone: America/Chicago schedule: 0 4 * * * - startingDeadlineSeconds: 90 - successfulJobsHistory: 1 - failedJobsHistory: 3 backoffLimit: 3 parallelism: 1 initContainers: snapshot: image: repository: hashicorp/vault - tag: 1.21.4 - pullPolicy: IfNotPresent + tag: 1.21.4@sha256:4e33b126a59c0c333b76fb4e894722462659a6bec7c48c9ee8cea56fccfd2569 command: - /bin/ash args: 
@@ -328,53 +266,47 @@ unseal: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/lrstanley/vault-unseal - tag: 0.7.2 - pullPolicy: IfNotPresent + tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c envFrom: - secretRef: name: vault-unseal-config-1 resources: requests: - cpu: 10m - memory: 24Mi + cpu: 1m + memory: 10Mi unseal-2: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/lrstanley/vault-unseal - tag: 0.7.2 - pullPolicy: IfNotPresent + tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c envFrom: - secretRef: name: vault-unseal-config-2 resources: requests: - cpu: 10m - memory: 24Mi + cpu: 1m + memory: 10Mi unseal-3: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: repository: ghcr.io/lrstanley/vault-unseal - tag: 0.7.2 - pullPolicy: IfNotPresent + tag: 0.7.2@sha256:b25d0c2f6a73d1b9a3907befa473f08fe9fac828d248d7e9702517c5b967733c envFrom: - secretRef: name: vault-unseal-config-3 resources: requests: - cpu: 10m - memory: 24Mi + cpu: 1m + memory: 10Mi diff --git a/clusters/cl01tl/helm/vaultwarden/Chart.lock b/clusters/cl01tl/helm/vaultwarden/Chart.lock index 4fd483bc2..08b041d9b 100644 --- a/clusters/cl01tl/helm/vaultwarden/Chart.lock +++ b/clusters/cl01tl/helm/vaultwarden/Chart.lock @@ -7,9 +7,9 @@ dependencies: version: 2.4.0 - name: postgres-cluster repository: oci://harbor.alexlebens.net/helm-charts - version: 7.10.0 + version: 7.11.2 - name: volsync-target repository: oci://harbor.alexlebens.net/helm-charts version: 0.8.0 -digest: sha256:6f78b41937412c1db5e0f612287d29ea81c1d9169b8a0efd98a0dd4be3e532d1 -generated: "2026-03-15T20:10:47.852109985Z" +digest: sha256:1b1949361ed77479733f8634a2ac6d74d4d8ba3144339446f5508643a0b57a31 +generated: "2026-04-07T20:19:48.079671-05:00" 
diff --git a/clusters/cl01tl/helm/vaultwarden/Chart.yaml b/clusters/cl01tl/helm/vaultwarden/Chart.yaml index 331f86393..fc4d11458 100644 --- a/clusters/cl01tl/helm/vaultwarden/Chart.yaml +++ b/clusters/cl01tl/helm/vaultwarden/Chart.yaml @@ -4,17 +4,15 @@ version: 1.0.0 description: Vaultwarden keywords: - vaultwarden - - bitwarden - - password -home: https://wiki.alexlebens.dev/s/fecd00f9-ebce-43eb-b066-3721b15432e3 + - password-manager +home: https://docs.alexlebens.dev/applications/vault/ sources: - https://github.com/dani-garcia/vaultwarden - - https://github.com/cloudflare/cloudflared - - https://github.com/cloudnative-pg/cloudnative-pg - https://hub.docker.com/r/vaultwarden/server - https://github.com/bjw-s-labs/helm-charts/tree/main/charts/other/app-template - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/cloudflared - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/postgres-cluster + - https://gitea.alexlebens.dev/alexlebens/helm-charts/src/branch/main/charts/volsync-target maintainers: - name: alexlebens dependencies: @@ -27,7 +25,7 @@ dependencies: version: 2.4.0 - name: postgres-cluster alias: postgres-18-cluster - version: 7.10.0 + version: 7.11.2 repository: oci://harbor.alexlebens.net/helm-charts - name: volsync-target alias: volsync-target-data diff --git a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml index 06194ab3a..958e974b4 100644 --- a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml 
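Review bot: The new `home` in the `@@ -4,17 +4,15 @@` hunk of vaultwarden/Chart.yaml is `https://docs.alexlebens.dev/applications/vault/`, the same URL the vault chart receives in this commit, whereas every other chart touched here points at a page named after itself. This looks like a copy-paste slip. If the docs site follows the same pattern, the line would be `home: https://docs.alexlebens.dev/applications/vaultwarden/`.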
@@ -14,15 +14,9 @@ spec: data: - secretKey: client remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/vaultwarden - metadataPolicy: None property: client - secretKey: secret remoteRef: - conversionStrategy: Default - decodingStrategy: None key: /authentik/oidc/vaultwarden - metadataPolicy: None property: secret diff --git a/clusters/cl01tl/helm/vaultwarden/values.yaml b/clusters/cl01tl/helm/vaultwarden/values.yaml index 607eb628c..e0de023ec 100644 --- a/clusters/cl01tl/helm/vaultwarden/values.yaml +++ b/clusters/cl01tl/helm/vaultwarden/values.yaml @@ -4,13 +4,11 @@ vaultwarden: type: deployment replicas: 1 strategy: Recreate - revisionHistoryLimit: 3 containers: main: image: - repository: vaultwarden/server - tag: 1.35.4 - pullPolicy: IfNotPresent + repository: ghcr.io/vaultwarden/server + tag: 1.35.4@sha256:43498a94b22f9563f2a94b53760ab3e710eefc0d0cac2efda4b12b9eb8690664 env: - name: DOMAIN value: https://passwords.alexlebens.dev @@ -44,7 +42,7 @@ vaultwarden: resources: requests: cpu: 10m - memory: 128Mi + memory: 30Mi service: main: controller: main @@ -52,14 +50,12 @@ vaultwarden: http: port: 80 targetPort: 80 - protocol: HTTP persistence: config: forceRename: vaultwarden-data storageClass: ceph-block accessMode: ReadWriteOnce size: 5Gi - retain: true advancedMounts: main: main: 
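Review bot: Removing `retain: true` from the `config` persistence entry in the `@@ -52,14 +50,12 @@` hunk of vaultwarden/values.yaml changes behaviour if the app-template default for `retain` is `false`, as I believe it is. The claim renamed to `vaultwarden-data` would then no longer be kept when the release is uninstalled or pruned. Unlike the other keys dropped in this file, this one is not a restated default, and the volume belongs to a password manager. I would keep `retain: true`, or state in a comment that recovery relies on the `volsync-target-data` backup. The mount definition under `advancedMounts` continues outside the hunk.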
@@ -78,35 +74,12 @@ postgres-18-cluster: destinationBucket: postgres-backups externalSecretCredentialPath: /garage/home-infra/postgres-backups isWALArchiver: true - # - name: garage-remote - # index: 1 - # destinationBucket: postgres-backups - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # retentionPolicy: "90d" - # data: - # compression: bzip2 - # - name: external - # index: 1 - # endpointURL: https://nyc3.digitaloceanspaces.com - # destinationBucket: postgres-backups-ce540ddf106d186bbddca68a - # externalSecretCredentialPath: /garage/home-infra/postgres-backups - # isWALArchiver: false scheduledBackups: - name: live-backup suspend: false immediate: true schedule: "0 0 0 * * *" backupName: garage-local - # - name: weekly-backup - # suspend: true - # immediate: true - # schedule: "0 0 4 * * SAT" - # backupName: garage-remote - # - name: daily-backup - # suspend: true - # immediate: true - # schedule: "0 0 0 * * *" - # backupName: external volsync-target-data: pvcTarget: vaultwarden-data local: diff --git a/clusters/cl01tl/helm/version-checker/Chart.yaml b/clusters/cl01tl/helm/version-checker/Chart.yaml index 03de9af2d..8f02bc408 100644 --- a/clusters/cl01tl/helm/version-checker/Chart.yaml +++ b/clusters/cl01tl/helm/version-checker/Chart.yaml @@ -5,6 +5,7 @@ description: Version Checker keywords: - version-checker - update-tracker + - metrics home: https://docs.alexlebens.dev/applications/version-checker/ sources: - https://github.com/jetstack/version-checker diff --git a/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml b/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml new file mode 100644 index 000000000..7fd6f7ce0 --- /dev/null +++ b/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml 
@@ -0,0 +1,16 @@ +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: version-checker + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: version-checker + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/part-of: {{ .Release.Name }} +spec: + selector: + matchLabels: + app: version-checker + endpoints: + - port: web + path: /metrics diff --git a/clusters/cl01tl/helm/version-checker/values.yaml b/clusters/cl01tl/helm/version-checker/values.yaml index 6f1257bc5..c9c7b61a9 100644 --- a/clusters/cl01tl/helm/version-checker/values.yaml +++ b/clusters/cl01tl/helm/version-checker/values.yaml @@ -10,8 +10,7 @@ version-checker: resources: requests: cpu: 1m - memory: 40Mi + memory: 400Mi prometheus: enabled: true - replicas: 1 serviceAccountName: version-checker-prometheus diff --git a/clusters/cl01tl/helm/volsync/Chart.yaml b/clusters/cl01tl/helm/volsync/Chart.yaml index 914cfa03f..cc2e8bb2d 100644 --- a/clusters/cl01tl/helm/volsync/Chart.yaml +++ b/clusters/cl01tl/helm/volsync/Chart.yaml @@ -5,12 +5,10 @@ description: Volsync keywords: - volsync - backup - - storage - - s3 - - kubernetes -home: https://wiki.alexlebens.dev/s/6858726b-5219-46ee-b9b7-6e1f6c125f6b +home: https://docs.alexlebens.dev/applications/volsync/ sources: - https://github.com/backube/volsync + - https://quay.io/repository/backube/volsync?tab=tags - https://github.com/backube/volsync/tree/main/helm/volsync maintainers: - name: alexlebens diff --git a/clusters/cl01tl/helm/volsync/values.yaml b/clusters/cl01tl/helm/volsync/values.yaml index 107b690fd..b8c297635 100644 --- a/clusters/cl01tl/helm/volsync/values.yaml +++ b/clusters/cl01tl/helm/volsync/values.yaml 
@@ -1,15 +1,15 @@ volsync: replicaCount: 2 + image: + repository: quay.io/backube/volsync + image: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4 manageCRDs: true metrics: disableAuth: true - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true resources: + limits: + cpu: null + memory: null requests: - cpu: 10m - memory: 128Mi + cpu: 1m + memory: 80Mi
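Review bot: The added `image` block in volsync/values.yaml nests a second `image:` key under `image:`, where the sibling `repository:` suggests `tag:` was meant. Depending on how the chart reads `image.image`, the value is either ignored, leaving the deployment on the chart's default tag without the digest pin, or taken as a complete image reference that lacks a registry and repository. I would write `tag: 0.15.0@sha256:4fedd41b3101dde090542009c4177f703d241bf4760d1767bd9df08fd8fd93a4` and check the rendered Deployment with `helm template`. The same hunk deletes the explicit `securityContext` (`allowPrivilegeEscalation: false`, `capabilities.drop: ALL`, `readOnlyRootFilesystem: true`) while `metrics.disableAuth: true` stays. Confirm that the chart defaults still render those hardening fields, or keep them explicit.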