From 4f2c97acf775361086411a511ea25db0a06eea88 Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Tue, 21 Apr 2026 20:47:16 -0500 Subject: [PATCH 01/12] feat: convert many --- .../cl01tl/helm/actual/templates/_helpers.tpl | 14 ++ .../helm/authentik/templates/ingress.yaml | 4 +- .../cl01tl/helm/blocky/templates/_helpers.tpl | 14 ++ .../helm/cilium/templates/http-route.yaml | 4 +- .../cloudnative-pg/templates/_helpers.tpl | 14 ++ .../helm/coredns/templates/_helpers.tpl | 14 ++ .../templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 9 +- .../templates/namespace.yaml | 7 +- .../democratic-csi-synology-iscsi/values.yaml | 2 +- .../helm/descheduler/templates/_helpers.tpl | 14 ++ clusters/cl01tl/helm/directus/Chart.yaml | 2 +- .../helm/directus/templates/_helpers.tpl | 14 ++ .../directus/templates/external-secret.yaml | 133 ++++++++------- clusters/cl01tl/helm/directus/values.yaml | 4 +- .../elastic-operator/templates/_helpers.tpl | 14 ++ .../helm/element-web/templates/_helpers.tpl | 14 ++ .../cl01tl/helm/eraser/templates/_helpers.tpl | 14 ++ clusters/cl01tl/helm/excalidraw/Chart.yaml | 2 +- .../helm/excalidraw/templates/_helpers.tpl | 14 ++ clusters/cl01tl/helm/external-dns/Chart.yaml | 2 +- .../helm/external-dns/templates/_helpers.tpl | 14 ++ .../external-dns/templates/dns-endpoint.yaml | 36 ++++- .../templates/external-secret.yaml | 5 +- .../external-secrets/templates/_helpers.tpl | 14 ++ .../templates/cluster-role-binding.yaml | 5 +- .../templates/cluster-secret-store.yaml | 10 +- .../helm/foldergram/templates/_helpers.tpl | 21 +++ .../templates/persistent-volume-claim.yaml | 9 +- .../templates/persistent-volume.yaml | 7 +- .../helm/freshrss/templates/_helpers.tpl | 14 ++ .../freshrss/templates/external-secret.yaml | 32 ++-- clusters/cl01tl/helm/freshrss/values.yaml | 4 +- .../cl01tl/helm/garage/templates/_helpers.tpl | 14 ++ .../garage/templates/external-secret.yaml | 21 ++- .../cl01tl/helm/garage/templates/service.yaml | 5 +- clusters/cl01tl/helm/garage/values.yaml | 10 +- .../cl01tl/helm/gatus/templates/_helpers.tpl | 14 
++ .../helm/gatus/templates/external-secret.yaml | 22 ++- clusters/cl01tl/helm/gatus/values.yaml | 6 +- .../templates/_helpers.tpl | 14 ++ .../templates/namespace.yaml | 7 +- .../cl01tl/helm/gitea/templates/_helpers.tpl | 14 ++ .../helm/gitea/templates/config-map.yaml | 3 +- .../helm/gitea/templates/external-secret.yaml | 151 ++++-------------- .../helm/gitea/templates/http-route.yaml | 7 +- .../cl01tl/helm/gitea/templates/ingress.yaml | 9 +- .../helm/gitea/templates/namespace.yaml | 7 +- .../templates/persistent-volume-claim.yaml | 3 +- .../helm/gitea/templates/service-monitor.yaml | 3 +- .../helm/gitea/templates/tcp-route.yaml | 7 +- clusters/cl01tl/helm/gitea/values.yaml | 6 +- .../grafana-operator/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 78 ++------- .../templates/grafana-dashboard.yaml | 126 +++++---------- .../templates/grafana-datasource.yaml | 6 +- .../templates/grafana-folder.yaml | 15 +- .../grafana-operator/templates/grafana.yaml | 11 +- .../helm/grimmory/templates/_helpers.tpl | 24 +++ .../grimmory/templates/external-secret.yaml | 43 ++--- .../helm/grimmory/templates/namespace.yaml | 12 +- .../templates/persistent-volume-claim.yaml | 18 +-- .../grimmory/templates/persistent-volume.yaml | 16 +- clusters/cl01tl/helm/grimmory/values.yaml | 4 +- .../cl01tl/helm/harbor/templates/_helpers.tpl | 14 ++ .../harbor/templates/external-secret.yaml | 27 ++-- clusters/cl01tl/helm/harbor/values.yaml | 8 +- .../helm/headlamp/templates/_helpers.tpl | 21 +++ .../templates/cluster-role-binding.yaml | 13 +- .../headlamp/templates/external-secret.yaml | 25 ++- .../headlamp/templates/service-account.yaml | 7 +- clusters/cl01tl/helm/headlamp/values.yaml | 6 +- .../home-assistant/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 28 ++-- .../cl01tl/helm/home-assistant/values.yaml | 4 +- .../helm/homepage/templates/_helpers.tpl | 21 +++ .../templates/cluster-role-binding.yaml | 9 +- .../helm/homepage/templates/cluster-role.yaml | 7 +- 
.../homepage/templates/external-secret.yaml | 33 ++-- clusters/cl01tl/helm/homepage/values.yaml | 2 +- .../helm/houndarr/templates/_helpers.tpl | 14 ++ .../cl01tl/helm/immich/templates/_helpers.tpl | 14 ++ .../immich/templates/external-secrets.yaml | 18 --- .../templates/secret-provider-class.yaml | 18 +++ clusters/cl01tl/helm/immich/values.yaml | 16 +- .../templates/_helpers.tpl | 14 ++ .../templates/namespace.yaml | 7 +- .../helm/jellyfin/templates/_helpers.tpl | 24 +++ .../jellyfin/templates/external-secret.yaml | 22 ++- .../templates/persistent-volume-claim.yaml | 18 +-- .../jellyfin/templates/persistent-volume.yaml | 14 +- clusters/cl01tl/helm/jellyfin/values.yaml | 4 +- .../helm/jellystat/templates/_helpers.tpl | 14 ++ .../jellystat/templates/external-secret.yaml | 15 +- clusters/cl01tl/helm/jellystat/values.yaml | 6 +- .../helm/karakeep/templates/_helpers.tpl | 14 ++ .../karakeep/templates/external-secret.yaml | 12 +- .../cl01tl/helm/kiwix/templates/_helpers.tpl | 14 ++ .../templates/persistent-volume-claim.yaml | 3 +- .../kiwix/templates/persistent-volume.yaml | 3 +- .../cl01tl/helm/komodo/templates/_helpers.tpl | 14 ++ .../komodo/templates/external-secret.yaml | 6 +- .../templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 9 +- .../templates/namespace.yaml | 3 +- .../templates/scrape-config.yaml | 12 +- .../templates/_helpers.tpl | 14 ++ .../templates/cluster-role-binding.yaml | 3 +- .../templates/cluster-role.yaml | 6 +- .../templates/namespace.yaml | 3 +- .../templates/role-binding.yaml | 3 +- .../templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 3 +- .../helm/languagetool/templates/_helpers.tpl | 14 ++ .../helm/libation/templates/_helpers.tpl | 14 ++ .../templates/persistent-volume-claim.yaml | 3 +- .../libation/templates/persistent-volume.yaml | 3 +- .../cl01tl/helm/lidarr/templates/_helpers.tpl | 14 ++ .../helm/lidarr/templates/middleware.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- 
.../lidarr/templates/persistent-volume.yaml | 3 +- .../lidarr/templates/prometheus-rule.yaml | 3 +- .../templates/_helpers.tpl | 14 ++ .../templates/namespace.yaml | 3 +- .../cl01tl/helm/loki/templates/_helpers.tpl | 14 ++ .../cl01tl/helm/loki/templates/namespace.yaml | 3 +- .../mariadb-operator/templates/_helpers.tpl | 14 ++ .../matrix-synapse/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 18 +-- .../templates/service-monitor.yaml | 3 +- .../helm/medialyze/templates/_helpers.tpl | 14 ++ .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../metrics-server/templates/_helpers.tpl | 14 ++ .../helm/music-grabber/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 6 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../helm/navidrome/templates/_helpers.tpl | 14 ++ .../templates/persistent-volume-claim.yaml | 12 +- .../templates/persistent-volume.yaml | 12 +- .../templates/_helpers.tpl | 14 ++ .../templates/namespace.yaml | 3 +- .../cl01tl/helm/ntfy/templates/_helpers.tpl | 14 ++ .../helm/ntfy/templates/external-secret.yaml | 3 +- .../cl01tl/helm/ollama/templates/_helpers.tpl | 14 ++ .../ollama/templates/external-secret.yaml | 6 +- .../helm/omni-tools/templates/_helpers.tpl | 14 ++ .../helm/openbao/templates/_helpers.tpl | 14 ++ .../openbao/templates/external-secret.yaml | 12 +- .../helm/openbao/templates/ingress.yaml | 3 +- .../helm/openbao/templates/namespace.yaml | 3 +- .../helm/outline/templates/_helpers.tpl | 14 ++ .../outline/templates/external-secret.yaml | 6 +- .../helm/paperless-ngx/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 6 +- .../cl01tl/helm/plex/templates/_helpers.tpl | 14 ++ .../templates/persistent-volume-claim.yaml | 3 +- .../plex/templates/persistent-volume.yaml | 3 +- .../cl01tl/helm/postiz/templates/_helpers.tpl | 14 ++ .../postiz/templates/external-secret.yaml | 12 +- 
.../helm/postiz/templates/http-route.yaml | 3 +- .../helm/prowlarr/templates/_helpers.tpl | 14 ++ .../prowlarr/templates/external-secret.yaml | 3 +- .../helm/qbittorrent/templates/_helpers.tpl | 14 ++ .../qbittorrent/templates/config-map.yaml | 6 +- .../templates/external-secret.yaml | 9 +- .../helm/qbittorrent/templates/namespace.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../helm/radarr-4k/templates/_helpers.tpl | 14 ++ .../helm/radarr-4k/templates/middleware.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../radarr-4k/templates/prometheus-rule.yaml | 3 +- .../helm/radarr-anime/templates/_helpers.tpl | 14 ++ .../radarr-anime/templates/middleware.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../templates/prometheus-rule.yaml | 3 +- .../radarr-standup/templates/_helpers.tpl | 14 ++ .../radarr-standup/templates/middleware.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../templates/prometheus-rule.yaml | 3 +- .../cl01tl/helm/radarr/templates/_helpers.tpl | 14 ++ .../helm/radarr/templates/middleware.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../radarr/templates/persistent-volume.yaml | 3 +- .../radarr/templates/prometheus-rule.yaml | 3 +- .../cl01tl/helm/rclone/templates/_helpers.tpl | 14 ++ .../rclone/templates/external-secret.yaml | 24 +-- .../helm/reloader/templates/_helpers.tpl | 14 ++ .../helm/rook-ceph/templates/_helpers.tpl | 14 ++ .../helm/rook-ceph/templates/namespace.yaml | 3 +- .../helm/roundcube/templates/_helpers.tpl | 14 ++ .../roundcube/templates/external-secret.yaml | 3 +- .../cl01tl/helm/rybbit/templates/_helpers.tpl | 14 ++ .../rybbit/templates/external-secret.yaml | 3 +- .../helm/s3-exporter/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 6 +- 
.../helm/searxng/templates/_helpers.tpl | 14 ++ .../searxng/templates/external-secret.yaml | 6 +- .../templates/_helpers.tpl | 14 ++ .../templates/namespace.yaml | 3 +- .../cl01tl/helm/seerr/templates/_helpers.tpl | 14 ++ .../helm/shelfmark/templates/_helpers.tpl | 14 ++ .../shelfmark/templates/external-secret.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 9 +- .../templates/persistent-volume.yaml | 9 +- .../helm/shelly-plug/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 3 +- .../site-documentation/templates/_helpers.tpl | 14 ++ .../helm/site-profile/templates/_helpers.tpl | 14 ++ .../site-saralebens/templates/_helpers.tpl | 14 ++ .../cl01tl/helm/slskd/templates/_helpers.tpl | 14 ++ .../helm/slskd/templates/external-secret.yaml | 6 +- .../helm/slskd/templates/namespace.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../slskd/templates/persistent-volume.yaml | 3 +- .../templates/secret-provider-class.yaml | 3 +- clusters/cl01tl/helm/slskd/values.yaml | 3 + .../templates/_helpers.tpl | 14 ++ .../helm/sonarr-4k/templates/_helpers.tpl | 14 ++ .../helm/sonarr-4k/templates/middleware.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../sonarr-4k/templates/prometheus-rule.yaml | 3 +- .../helm/sonarr-anime/templates/_helpers.tpl | 14 ++ .../sonarr-anime/templates/middleware.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../templates/prometheus-rule.yaml | 3 +- .../cl01tl/helm/sonarr/templates/_helpers.tpl | 14 ++ .../helm/sonarr/templates/middleware.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../sonarr/templates/persistent-volume.yaml | 3 +- .../sonarr/templates/prometheus-rule.yaml | 3 +- .../helm/sparkyfitness/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 6 +- .../speedtest-exporter/templates/_helpers.tpl | 14 ++ .../cl01tl/helm/stack/templates/_helpers.tpl | 14 ++ 
.../helm/stalwart/templates/_helpers.tpl | 14 ++ .../stalwart/templates/elasticsearch.yaml | 3 +- .../stalwart/templates/external-secret.yaml | 3 +- .../helm/stalwart/templates/namespace.yaml | 3 +- .../tailscale-operator/templates/_helpers.tpl | 14 ++ .../templates/connector.yaml | 3 +- .../templates/dns-config.yaml | 3 +- .../templates/external-secrets.yaml | 3 +- .../templates/namespace.yaml | 3 +- .../templates/proxy-class.yaml | 6 +- .../tailscale-operator/templates/service.yaml | 24 +-- .../cl01tl/helm/talos/templates/_helpers.tpl | 14 ++ .../cl01tl/helm/talos/templates/config.yaml | 3 +- .../helm/talos/templates/external-secret.yaml | 15 +- .../cl01tl/helm/talos/templates/secret.yaml | 3 +- .../helm/talos/templates/service-account.yaml | 3 +- .../cl01tl/helm/tdarr/templates/_helpers.tpl | 14 ++ .../templates/persistent-volume-claim.yaml | 3 +- .../tdarr/templates/persistent-volume.yaml | 3 +- .../helm/traefik/templates/_helpers.tpl | 14 ++ .../helm/traefik/templates/namespace.yaml | 3 +- .../helm/tubearchivist/templates/_helpers.tpl | 14 ++ .../templates/elasticsearch.yaml | 3 +- .../templates/external-secret.yaml | 9 +- .../tubearchivist/templates/namespace.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../helm/unpackerr/templates/_helpers.tpl | 14 ++ .../unpackerr/templates/external-secret.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../templates/persistent-volume.yaml | 3 +- .../helm/unpoller/templates/_helpers.tpl | 14 ++ .../unpoller/templates/external-secret.yaml | 3 +- .../cl01tl/helm/vault/templates/_helpers.tpl | 14 ++ .../helm/vault/templates/config-map.yaml | 6 +- .../helm/vault/templates/external-secret.yaml | 27 ++-- .../helm/vault/templates/http-route.yaml | 3 +- .../cl01tl/helm/vault/templates/ingress.yaml | 3 +- .../templates/persistent-volume-claim.yaml | 3 +- .../helm/vaultwarden/templates/_helpers.tpl | 14 ++ .../templates/external-secret.yaml | 3 +- 
.../version-checker/templates/_helpers.tpl | 14 ++ .../templates/service-monitor.yaml | 3 +- .../helm/volsync/templates/_helpers.tpl | 14 ++ .../volsync/templates/prometheus-rule.yaml | 3 +- .../volsync/templates/service-monitor.yaml | 3 +- .../cl01tl/helm/whodb/templates/_helpers.tpl | 14 ++ .../helm/yamtrack/templates/_helpers.tpl | 14 ++ .../yamtrack/templates/external-secret.yaml | 6 +- .../cl01tl/helm/yubal/templates/_helpers.tpl | 14 ++ .../templates/persistent-volume-claim.yaml | 3 +- .../yubal/templates/persistent-volume.yaml | 3 +- 294 files changed, 2095 insertions(+), 1121 deletions(-) create mode 100644 clusters/cl01tl/helm/actual/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/blocky/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/cloudnative-pg/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/coredns/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/descheduler/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/directus/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/elastic-operator/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/element-web/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/eraser/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/excalidraw/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/external-dns/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/external-secrets/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/foldergram/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/freshrss/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/garage/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/gatus/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/generic-device-plugin/templates/_helpers.tpl create mode 100644 
clusters/cl01tl/helm/gitea/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/grafana-operator/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/grimmory/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/harbor/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/headlamp/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/home-assistant/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/homepage/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/houndarr/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/immich/templates/_helpers.tpl delete mode 100644 clusters/cl01tl/helm/immich/templates/external-secrets.yaml create mode 100644 clusters/cl01tl/helm/immich/templates/secret-provider-class.yaml create mode 100644 clusters/cl01tl/helm/intel-device-plugin/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/jellyfin/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/jellystat/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/karakeep/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/kiwix/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/komodo/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/kube-prometheus-stack/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/languagetool/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/libation/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/lidarr/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/local-path-provisioner/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/loki/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/mariadb-operator/templates/_helpers.tpl create mode 100644 
clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/medialyze/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/metrics-server/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/music-grabber/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/navidrome/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/node-feature-discovery/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/ntfy/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/ollama/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/omni-tools/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/openbao/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/outline/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/paperless-ngx/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/plex/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/postiz/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/prowlarr/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/qbittorrent/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/radarr/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/rclone/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/reloader/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/rook-ceph/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/roundcube/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/rybbit/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/s3-exporter/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/searxng/templates/_helpers.tpl create mode 100644 
clusters/cl01tl/helm/secrets-store-csi-driver/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/seerr/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/shelly-plug/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/site-documentation/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/site-profile/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/site-saralebens/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/slskd/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/snapshot-controller/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/sonarr/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/sparkyfitness/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/speedtest-exporter/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/stack/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/stalwart/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/tailscale-operator/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/talos/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/tdarr/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/traefik/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/tubearchivist/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/unpackerr/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/unpoller/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/vault/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/vaultwarden/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/version-checker/templates/_helpers.tpl create mode 100644 
clusters/cl01tl/helm/volsync/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/whodb/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/yamtrack/templates/_helpers.tpl create mode 100644 clusters/cl01tl/helm/yubal/templates/_helpers.tpl diff --git a/clusters/cl01tl/helm/actual/templates/_helpers.tpl b/clusters/cl01tl/helm/actual/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/actual/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/authentik/templates/ingress.yaml b/clusters/cl01tl/helm/authentik/templates/ingress.yaml index d03d9b19e..d01d31233 100644 --- a/clusters/cl01tl/helm/authentik/templates/ingress.yaml +++ b/clusters/cl01tl/helm/authentik/templates/ingress.yaml @@ -5,8 +5,8 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ .Release.Name }}-tailscale - tailscale.com/proxy-class: no-metrics {{- include "custom.labels" . | nindent 4 }} + tailscale.com/proxy-class: no-metrics annotations: tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" spec: @@ -25,4 +25,4 @@ spec: service: name: authentik-server port: - number: 80 + name: http diff --git a/clusters/cl01tl/helm/blocky/templates/_helpers.tpl b/clusters/cl01tl/helm/blocky/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/blocky/templates/_helpers.tpl 
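Review bot: In `actual/templates/_helpers.tpl`, `custom.selectorLabels` emits only `app.kubernetes.io/instance` and `app.kubernetes.io/part-of`, both set to `.Release.Name`, so anything that used it as a real selector (a Service `selector`, a NetworkPolicy `podSelector`) would match every pod of the release rather than one component. The templates visible in this patch only reach it through `custom.labels` under `metadata.labels`, where that is harmless, so I would change the helper comment to `Release-wide labels (not unique per component; do not use as a pod selector)`. The two values are also unquoted; `{{ .Release.Name | quote }}` keeps a release named like `123` or `true` from rendering a non-string label value. The same file (blob `10688fcef`) is added for blocky, cloudnative-pg, coredns, democratic-csi-synology-iscsi, descheduler, directus, elastic-operator, element-web and eraser in this part of the patch, so the note applies to those hunks as well.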
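Review bot: The backend in `authentik/templates/ingress.yaml` now targets `port: name: http`, which resolves only if the `authentik-server` Service declares a port with exactly that name; the Service is defined outside this diff, so that cannot be confirmed from here. With `number: 80` a renamed Service port kept working, whereas a name mismatch would likely leave the Tailscale ingress without a usable backend. A one-line comment above the port, `# must match the port name on the authentik-server Service`, records the dependency. The rule this backend belongs to starts above the hunk.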
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/cilium/templates/http-route.yaml b/clusters/cl01tl/helm/cilium/templates/http-route.yaml index f631ec670..d09970388 100644 --- a/clusters/cl01tl/helm/cilium/templates/http-route.yaml +++ b/clusters/cl01tl/helm/cilium/templates/http-route.yaml @@ -20,8 +20,6 @@ spec: type: PathPrefix value: / backendRefs: - - group: '' - kind: Service + - kind: Service name: hubble-ui port: 80 - weight: 100 diff --git a/clusters/cl01tl/helm/cloudnative-pg/templates/_helpers.tpl b/clusters/cl01tl/helm/cloudnative-pg/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/cloudnative-pg/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/coredns/templates/_helpers.tpl b/clusters/cl01tl/helm/coredns/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/coredns/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} 
diff --git a/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/_helpers.tpl b/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml b/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml index e456ca3e3..131c918fa 100644 --- a/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/external-secret.yaml @@ -1,16 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: synology-iscsi-config-secret + name: synology-iscsi-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: synology-iscsi-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: synology-iscsi-config + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: driver-config-file.yaml remoteRef: diff --git a/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/namespace.yaml b/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/namespace.yaml index 98cedb460..bbbe36926 100644 --- a/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/namespace.yaml +++ b/clusters/cl01tl/helm/democratic-csi-synology-iscsi/templates/namespace.yaml 
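Review bot: The `secretStoreRef` in `democratic-csi-synology-iscsi/templates/external-secret.yaml` moves from `vault` to `openbao` in the same change that renames the target to `synology-iscsi-config`, so the CSI driver's `existingConfigSecret` depends on a Secret that exists only after the first successful sync from the new store. The `remoteRef` key lies below the end of the hunk, so whether that path is already populated in OpenBao cannot be checked here, and neither can the `openbao` ClusterSecretStore, which the diffstat lists under `external-secrets/templates/cluster-secret-store.yaml`. A ClusterSecretStore can be referenced from every namespace unless its `spec.conditions` restrict it, so it is worth confirming that the store limits which namespaces may use it. I would add `# store: openbao (ClusterSecretStore); the remote path must exist there before this chart syncs` above `secretStoreRef`. The directus `external-secret.yaml` hunks make the same store switch.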
@@ -1,11 +1,10 @@ apiVersion: v1 kind: Namespace metadata: - name: democratic-csi-synology-iscsi + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: democratic-csi-synology-iscsi - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Namespace }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml b/clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml index afbeb6c8b..c6a66174f 100644 --- a/clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml +++ b/clusters/cl01tl/helm/democratic-csi-synology-iscsi/values.yaml @@ -3,7 +3,7 @@ democratic-csi: image: registry: ghcr.io/democratic-csi/democratic-csi tag: v1.9.5@@sha256:fc3b7d7ed3a616714139525075312758e23a5d425ffb539ad12c9bd20fb6001f - existingConfigSecret: synology-iscsi-config-secret + existingConfigSecret: synology-iscsi-config config: driver: synology-iscsi resources: diff --git a/clusters/cl01tl/helm/descheduler/templates/_helpers.tpl b/clusters/cl01tl/helm/descheduler/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/descheduler/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/directus/Chart.yaml b/clusters/cl01tl/helm/directus/Chart.yaml index da199fcc0..d6ca2c76d 100644 --- a/clusters/cl01tl/helm/directus/Chart.yaml +++ b/clusters/cl01tl/helm/directus/Chart.yaml 
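Review bot: In `democratic-csi-synology-iscsi/templates/namespace.yaml` the Namespace name becomes `{{ .Release.Namespace }}` while the three `pod-security.kubernetes.io/*: privileged` labels stay, so the privileged Pod Security level now follows whatever namespace the release is installed into instead of applying only to `democratic-csi-synology-iscsi`. Installing the chart into a shared namespace could relax admission for every workload there. Keeping the literal `name: democratic-csi-synology-iscsi`, or guarding the template with `{{- if ne .Release.Namespace "democratic-csi-synology-iscsi" }}{{ fail "unexpected namespace for privileged PSA labels" }}{{- end }}`, ties the exemption to the one namespace that needs it. The diffstat lists further `namespace.yaml` templates changed by this commit; those outside this view should be checked for the same pattern.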
@@ -5,7 +5,7 @@ description: Directus keywords: - directus - content-management-system -home: https://docs.alexlebens.dev/applications/descheduler/ +home: https://docs.alexlebens.dev/applications/directus/ sources: - https://github.com/directus/directus - https://github.com/directus/directus/pkgs/container/directus diff --git a/clusters/cl01tl/helm/directus/templates/_helpers.tpl b/clusters/cl01tl/helm/directus/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/directus/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/directus/templates/external-secret.yaml b/clusters/cl01tl/helm/directus/templates/external-secret.yaml index 89ddc81a8..40ae1bf5f 100644 --- a/clusters/cl01tl/helm/directus/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/directus/templates/external-secret.yaml @@ -5,13 +5,20 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: directus-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: + - secretKey: key + remoteRef: + key: /cl01tl/directus/key + property: key + - secretKey: secret + remoteRef: + key: /cl01tl/directus/key + property: secret - secretKey: admin-email remoteRef: key: /cl01tl/directus/config 
@@ -20,38 +27,6 @@ spec: remoteRef: key: /cl01tl/directus/config property: admin-password - - secretKey: secret - remoteRef: - key: /cl01tl/directus/config - property: secret - - secretKey: key - remoteRef: - key: /cl01tl/directus/config - property: key - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: OIDC_CLIENT_ID - remoteRef: - key: /authentik/oidc/directus - property: client - - secretKey: OIDC_CLIENT_SECRET - remoteRef: - key: /authentik/oidc/directus - property: secret --- apiVersion: external-secrets.io/v1 
@@ -61,18 +36,67 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: directus-metric-token - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: metric-token remoteRef: key: /cl01tl/directus/metrics property: metric-token +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: directus-valkey-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: directus-valkey-config + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: user + remoteRef: + key: /cl01tl/directus/valkey + property: user + - secretKey: password + remoteRef: + key: /cl01tl/directus/valkey + property: password + - secretKey: default + remoteRef: + key: /cl01tl/directus/valkey + property: password + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: directus-oidc-authentik + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: directus-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: OIDC_CLIENT_ID + remoteRef: + key: /cl01tl/authentik/oidc/directus + property: client + - secretKey: OIDC_CLIENT_SECRET + remoteRef: + key: /cl01tl/authentik/oidc/directus + property: secret + --- apiVersion: external-secrets.io/v1 kind: ExternalSecret 
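Review bot: The new `directus-oidc-authentik` ExternalSecret in `directus/templates/external-secret.yaml` reads `/cl01tl/authentik/oidc/directus`, whereas the object it replaces read `/authentik/oidc/directus`, and the first hunk of this file likewise moves `key` and `secret` from `/cl01tl/directus/config` to `/cl01tl/directus/key`; the `directus-bucket-garage` entries further down still use the unprefixed `/garage/home-infra/directus-assets`. If any new path is missing in the store the sync fails and pods that reference `directus-oidc-authentik` through `secretKeyRef` will not start, so, if the prefix is the intended scheme, a comment such as `# OpenBao paths carry the cluster prefix (/cl01tl/...); garage bucket credentials do not` would make the difference deliberate. In `directus-valkey-config`, `default` and `password` both map to property `password` of `/cl01tl/directus/valkey`, as they did before this commit; a short comment saying why one credential is exposed under two keys would help the next reader.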
@@ -81,12 +105,11 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: directus-bucket-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ACCESS_KEY_ID remoteRef: @@ -100,31 +123,3 @@ spec: remoteRef: key: /garage/home-infra/directus-assets property: ACCESS_REGION - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: directus-valkey-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: directus-valkey-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: default - remoteRef: - key: /cl01tl/directus/valkey - property: password - - secretKey: user - remoteRef: - key: /cl01tl/directus/valkey - property: user - - secretKey: password - remoteRef: - key: /cl01tl/directus/valkey - property: password diff --git a/clusters/cl01tl/helm/directus/values.yaml b/clusters/cl01tl/helm/directus/values.yaml index 7d93e397b..547bac830 100644 --- a/clusters/cl01tl/helm/directus/values.yaml +++ b/clusters/cl01tl/helm/directus/values.yaml @@ -113,12 +113,12 @@ directus: - name: AUTH_AUTHENTIK_CLIENT_ID valueFrom: secretKeyRef: - name: directus-oidc-secret + name: directus-oidc-authentik key: OIDC_CLIENT_ID - name: AUTH_AUTHENTIK_CLIENT_SECRET valueFrom: secretKeyRef: - name: directus-oidc-secret + name: directus-oidc-authentik key: OIDC_CLIENT_SECRET - name: AUTH_AUTHENTIK_SCOPE value: openid profile email diff --git a/clusters/cl01tl/helm/elastic-operator/templates/_helpers.tpl b/clusters/cl01tl/helm/elastic-operator/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/elastic-operator/templates/_helpers.tpl 
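Review bot: `directus-bucket-garage` now reads from the `openbao` store, but its `remoteRef.key` is still `/garage/home-infra/directus-assets` (visible in the next hunk's context), while the OIDC entries in this file moved from `/authentik/oidc/directus` to `/cl01tl/authentik/oidc/directus`. If the OpenBao mount follows the `/cl01tl/...` layout everywhere, this ExternalSecret will fail to sync and the bucket credentials will go stale or missing. If the un-prefixed path is intentional, a comment such as `# shared garage path, not under the cluster prefix` would make that clear. It is also worth confirming that the policy behind the `external-secrets` role in OpenBao covers this path, since it sits outside the `/cl01tl/` prefix.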
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/element-web/templates/_helpers.tpl b/clusters/cl01tl/helm/element-web/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/element-web/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/eraser/templates/_helpers.tpl b/clusters/cl01tl/helm/eraser/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/eraser/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/excalidraw/Chart.yaml b/clusters/cl01tl/helm/excalidraw/Chart.yaml index 13b45d2b3..9bb7d7006 100644 --- a/clusters/cl01tl/helm/excalidraw/Chart.yaml +++ b/clusters/cl01tl/helm/excalidraw/Chart.yaml @@ -5,7 +5,7 @@ description: Excalidraw keywords: - excalidraw - drawing -home: https://docs.alexlebens.dev/applications/eraser/ +home: https://docs.alexlebens.dev/applications/excalidraw/ sources: - https://github.com/excalidraw/excalidraw - https://hub.docker.com/r/excalidraw/excalidraw 
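Review bot: `custom.labels` only forwards to `custom.selectorLabels`, and this identical 14-line file (blob `10688fcef`) is added to elastic-operator, element-web, eraser and the other charts in this patch, so the copies can drift apart over time. A shared library chart would keep one definition. Short of that, the header comment could state that the selector set must stay stable, e.g. `Selector labels (keep stable: selectors built from these are immutable on existing workloads)`. No template in view uses the helper inside a selector yet, so this is a precaution rather than a defect.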
diff --git a/clusters/cl01tl/helm/excalidraw/templates/_helpers.tpl b/clusters/cl01tl/helm/excalidraw/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/excalidraw/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/external-dns/Chart.yaml b/clusters/cl01tl/helm/external-dns/Chart.yaml index 15964a1c9..435df565a 100644 --- a/clusters/cl01tl/helm/external-dns/Chart.yaml +++ b/clusters/cl01tl/helm/external-dns/Chart.yaml @@ -5,7 +5,7 @@ description: External DNS keywords: - external-dns - dns -home: https://docs.alexlebens.dev/applications/eraser/ +home: https://docs.alexlebens.dev/applications/external-dns/ sources: - https://github.com/kubernetes-sigs/external-dns - https://explore.ggcr.dev/?repo=registry.k8s.io%2Fexternal-dns%2Fexternal-dns diff --git a/clusters/cl01tl/helm/external-dns/templates/_helpers.tpl b/clusters/cl01tl/helm/external-dns/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/external-dns/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/external-dns/templates/dns-endpoint.yaml b/clusters/cl01tl/helm/external-dns/templates/dns-endpoint.yaml index dbdf10cb1..cd95d7784 100644 --- a/clusters/cl01tl/helm/external-dns/templates/dns-endpoint.yaml +++ b/clusters/cl01tl/helm/external-dns/templates/dns-endpoint.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: external-device-names - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: endpoints: # Unifi UDM @@ -48,8 +47,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: iot-device-names - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: endpoints: # Airgradient @@ -82,6 +80,18 @@ spec: recordType: A targets: - 10.230.0.100 + # HD Homerun + - dnsName: dv01hr.alexlebens.net + recordTTL: 180 + recordType: A + targets: + - 10.232.1.72 + # Pi KVM + - dnsName: dv02kv.alexlebens.net + recordTTL: 180 + recordType: A + targets: + - 10.232.1.71 --- apiVersion: externaldns.k8s.io/v1alpha1 @@ -91,8 +101,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: server-host-names - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: endpoints: # Unifi Gateway @@ -125,6 +134,18 @@ spec: recordType: A targets: - 10.232.1.52 + # Desktop + - dnsName: pd05wd.alexlebens.net + recordTTL: 180 + recordType: A + targets: + - 10.230.0.115 + # Laptop + - dnsName: pl02mc.alexlebens.net + recordTTL: 180 + recordType: A + targets: + - 10.230.0.105 --- apiVersion: externaldns.k8s.io/v1alpha1 @@ -134,8 +155,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: cluster-service-names - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: endpoints: # Treafik Proxy diff --git a/clusters/cl01tl/helm/external-dns/templates/external-secret.yaml b/clusters/cl01tl/helm/external-dns/templates/external-secret.yaml index 4cd51c9d8..b5916382d 100644 
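Review bot: The new `dv02kv.alexlebens.net` record gives the Pi KVM at `10.232.1.71` a resolvable name, and the same hunks add the HD Homerun, desktop and laptop, so it matters where these DNSEndpoint objects are published. The targets are private addresses; if the external-dns instance that consumes them ever writes to a publicly served zone, the records would disclose internal addressing and the existence of a remote-console device. The chart's `external-dns-unifi-secret` suggests a local Unifi provider, but the provider configuration is outside these hunks. A comment at the top of each endpoint list, e.g. `# internal resolver only; do not attach a public provider to these endpoints`, would record that assumption.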
--- a/clusters/cl01tl/helm/external-dns/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/external-dns/templates/external-secret.yaml @@ -5,12 +5,11 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: external-dns-unifi-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: api-key remoteRef: diff --git a/clusters/cl01tl/helm/external-secrets/templates/_helpers.tpl b/clusters/cl01tl/helm/external-secrets/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/external-secrets/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml b/clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml index 13f08c206..135eedcd8 100644 --- a/clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml +++ b/clusters/cl01tl/helm/external-secrets/templates/cluster-role-binding.yaml @@ -5,13 +5,12 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: external-secrets - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount - name: external-secrets + name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} 
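Review bot: In cluster-role-binding.yaml the subject changes from the literal `external-secrets` to `{{ .Release.Name }}`, so the `system:auth-delegator` grant now follows the release name instead of a fixed ServiceAccount. The ServiceAccount is not created in this hunk; if the release is ever installed under another name, the binding (and the `serviceAccountRef` changed the same way in cluster-secret-store.yaml) may point at an account that does not exist, or at a different one that happens to carry that name. The OpenBao side still uses the fixed `role: external-secrets`, which is presumably bound to one specific ServiceAccount name, so the two can fall out of step. Consider deriving the name from the same value the subchart uses for its ServiceAccount, or add a comment such as `# must equal the ServiceAccount name bound to the OpenBao role external-secrets`.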
diff --git a/clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml b/clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml index 7d8655375..ee0e0bff2 100644 --- a/clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml +++ b/clusters/cl01tl/helm/external-secrets/templates/cluster-secret-store.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: provider: vault: @@ -26,8 +25,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: provider: vault: @@ -39,7 +37,7 @@ spec: mountPath: kubernetes role: external-secrets serviceAccountRef: - name: external-secrets - namespace: {{ .Release.Name }} + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} audiences: - openbao diff --git a/clusters/cl01tl/helm/foldergram/templates/_helpers.tpl b/clusters/cl01tl/helm/foldergram/templates/_helpers.tpl new file mode 100644 index 000000000..d090d319c --- /dev/null +++ b/clusters/cl01tl/helm/foldergram/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +foldergram-pictures-collections-nfs-storage +{{- end -}} 
diff --git a/clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml index a863b188e..7652a28b7 100644 --- a/clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/foldergram/templates/persistent-volume-claim.yaml @@ -1,14 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: foldergram-pictures-collections-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: foldergram-pictures-collections-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml b/clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml index 3d4030a9c..7aab31dbc 100644 --- a/clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/foldergram/templates/persistent-volume.yaml @@ -1,12 +1,11 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: foldergram-pictures-collections-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: foldergram-pictures-collections-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client 
diff --git a/clusters/cl01tl/helm/freshrss/templates/_helpers.tpl b/clusters/cl01tl/helm/freshrss/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/freshrss/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml b/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml index 6242e333b..98f990ec5 100644 --- a/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/freshrss/templates/external-secret.yaml 
@@ -1,54 +1,52 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: freshrss-install-secret + name: freshrss-install-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: freshrss-install-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: freshrss-install-config + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ADMIN_EMAIL remoteRef: key: /cl01tl/freshrss/config - property: ADMIN_EMAIL + property: admin-email - secretKey: ADMIN_PASSWORD remoteRef: key: /cl01tl/freshrss/config - property: ADMIN_PASSWORD + property: admin-password - secretKey: ADMIN_API_PASSWORD remoteRef: key: /cl01tl/freshrss/config - property: ADMIN_API_PASSWORD + property: admin-api-password --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: freshrss-oidc-secret + name: freshrss-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: freshrss-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: freshrss-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: OIDC_CLIENT_ID remoteRef: - key: /authentik/oidc/freshrss + key: /cl01tl/authentik/oidc/freshrss property: client - secretKey: OIDC_CLIENT_SECRET remoteRef: - key: /authentik/oidc/freshrss + key: /cl01tl/authentik/oidc/freshrss property: secret - secretKey: OIDC_CLIENT_CRYPTO_KEY remoteRef: - key: /authentik/oidc/freshrss - property: crypto-key + key: /cl01tl/freshrss/key + property: oidc-client-crypto-key diff --git a/clusters/cl01tl/helm/freshrss/values.yaml b/clusters/cl01tl/helm/freshrss/values.yaml index 48a808065..5779d5e89 100644 --- a/clusters/cl01tl/helm/freshrss/values.yaml 
+++ b/clusters/cl01tl/helm/freshrss/values.yaml @@ -73,9 +73,9 @@ freshrss: value: preferred_username envFrom: - secretRef: - name: freshrss-oidc-secret + name: freshrss-oidc-authentik - secretRef: - name: freshrss-install-secret + name: freshrss-install-config resources: requests: cpu: 1m diff --git a/clusters/cl01tl/helm/garage/templates/_helpers.tpl b/clusters/cl01tl/helm/garage/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/garage/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/garage/templates/external-secret.yaml b/clusters/cl01tl/helm/garage/templates/external-secret.yaml index 4b0367b9d..ad2f1e9f3 100644 --- a/clusters/cl01tl/helm/garage/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/garage/templates/external-secret.yaml 
@@ -1,26 +1,25 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: garage-token-secret + name: garage-token namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: garage-token-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: garage-token + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: GARAGE_RPC_SECRET remoteRef: - key: /cl01tl/garage/token - property: rpc + key: /cl01tl/garage/config + property: rpc-secret - secretKey: GARAGE_ADMIN_TOKEN remoteRef: - key: /cl01tl/garage/token - property: admin + key: /cl01tl/garage/config + property: admin-token - secretKey: GARAGE_METRICS_TOKEN remoteRef: - key: /cl01tl/garage/token - property: metric + key: /cl01tl/garage/config + property: metrics-token diff --git a/clusters/cl01tl/helm/garage/templates/service.yaml b/clusters/cl01tl/helm/garage/templates/service.yaml index da2290880..20e56c2d4 100644 --- a/clusters/cl01tl/helm/garage/templates/service.yaml +++ b/clusters/cl01tl/helm/garage/templates/service.yaml @@ -6,8 +6,7 @@ metadata: labels: app.kubernetes.io/name: garage-main app.kubernetes.io/service: garage-main - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: ports: - name: admin @@ -27,6 +26,6 @@ spec: protocol: TCP targetPort: 3902 selector: - app.kubernetes.io/instance: garage app.kubernetes.io/name: garage + app.kubernetes.io/instance: garage garage-type: server diff --git a/clusters/cl01tl/helm/garage/values.yaml b/clusters/cl01tl/helm/garage/values.yaml index 0ef80497b..6b3cc697b 100644 --- a/clusters/cl01tl/helm/garage/values.yaml +++ b/clusters/cl01tl/helm/garage/values.yaml 
@@ -24,7 +24,7 @@ garage: tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 envFrom: - secretRef: - name: garage-token-secret + name: garage-token resources: requests: cpu: 10m @@ -53,7 +53,7 @@ garage: tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 envFrom: - secretRef: - name: garage-token-secret + name: garage-token resources: requests: cpu: 10m @@ -82,7 +82,7 @@ garage: tag: v2.3.0@sha256:866bd13ed2038ba7e7190e840482bc27234c4afaf77be8cfa439ae088c1e4690 envFrom: - secretRef: - name: garage-token-secret + name: garage-token resources: requests: cpu: 10m @@ -104,7 +104,7 @@ garage: - name: API_ADMIN_KEY valueFrom: secretKeyRef: - name: garage-token-secret + name: garage-token key: GARAGE_ADMIN_TOKEN resources: requests: @@ -273,7 +273,7 @@ garage: scrapeTimeout: 2m path: /metrics bearerTokenSecret: - name: garage-token-secret + name: garage-token key: GARAGE_METRICS_TOKEN route: webui: diff --git a/clusters/cl01tl/helm/gatus/templates/_helpers.tpl b/clusters/cl01tl/helm/gatus/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/gatus/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/gatus/templates/external-secret.yaml b/clusters/cl01tl/helm/gatus/templates/external-secret.yaml index 194c26525..94af6f4f3 100644 --- a/clusters/cl01tl/helm/gatus/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/gatus/templates/external-secret.yaml 
@@ -1,42 +1,40 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: gatus-config-secret + name: gatus-config namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: gatus-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: NTFY_TOKEN remoteRef: - key: /ntfy/user/cl01tl + key: /cl01tl/ntfy/users/cl01tl property: token --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: gatus-oidc-secret + name: gatus-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: gatus-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: gatus-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: OIDC_CLIENT_ID remoteRef: - key: /authentik/oidc/gatus + key: /cl01tl/authentik/oidc/gatus property: client - secretKey: OIDC_CLIENT_SECRET remoteRef: - key: /authentik/oidc/gatus + key: /cl01tl/authentik/oidc/gatus property: secret diff --git a/clusters/cl01tl/helm/gatus/values.yaml b/clusters/cl01tl/helm/gatus/values.yaml index edc40aa17..2f8ff8bdd 100644 --- a/clusters/cl01tl/helm/gatus/values.yaml +++ b/clusters/cl01tl/helm/gatus/values.yaml @@ -20,17 +20,17 @@ gatus: NTFY_TOKEN: valueFrom: secretKeyRef: - name: gatus-config-secret + name: gatus-config key: NTFY_TOKEN OIDC_CLIENT_ID: valueFrom: secretKeyRef: - name: gatus-oidc-secret + name: gatus-oidc-authentik key: OIDC_CLIENT_ID OIDC_CLIENT_SECRET: valueFrom: secretKeyRef: - name: gatus-oidc-secret + name: gatus-oidc-authentik key: OIDC_CLIENT_SECRET POSTGRES_USER: valueFrom: 
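Review bot: The first ExternalSecret is renamed to `gatus-config`, but its label on the unchanged line below still reads `app.kubernetes.io/name: gatus-config-secret`, whereas the other ExternalSecrets in view keep that label equal to the resource name. Change it to `app.kubernetes.io/name: gatus-config` so the label identifies the object by its current name. Anything that audits or selects secrets by this label would otherwise keep looking for a name that no longer exists.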
diff --git a/clusters/cl01tl/helm/generic-device-plugin/templates/_helpers.tpl b/clusters/cl01tl/helm/generic-device-plugin/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/generic-device-plugin/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/generic-device-plugin/templates/namespace.yaml b/clusters/cl01tl/helm/generic-device-plugin/templates/namespace.yaml index 294c34f86..bbbe36926 100644 --- a/clusters/cl01tl/helm/generic-device-plugin/templates/namespace.yaml +++ b/clusters/cl01tl/helm/generic-device-plugin/templates/namespace.yaml @@ -1,11 +1,10 @@ apiVersion: v1 kind: Namespace metadata: - name: generic-device-plugin + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: generic-device-plugin - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Namespace }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/gitea/templates/_helpers.tpl b/clusters/cl01tl/helm/gitea/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/gitea/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} 
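Review bot: namespace.yaml now names the Namespace `{{ .Release.Namespace }}` while the three `pod-security.kubernetes.io/*: privileged` labels stay on the unchanged lines, so whatever namespace the release is installed into gets labelled for the privileged Pod Security level. With the literal `generic-device-plugin` the relaxation was tied to one known namespace; after this change an install into a shared namespace would carry it along (whether Helm would adopt an existing namespace depends on ownership metadata not shown here). gitea's namespace.yaml later in this patch becomes the same file (blob `bbbe36926`) and has the same property. A guard such as `{{- if ne .Release.Namespace "generic-device-plugin" }}{{ fail "unexpected namespace" }}{{- end }}`, or at least a comment stating the expected namespace, would keep the privileged label scoped.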
diff --git a/clusters/cl01tl/helm/gitea/templates/config-map.yaml b/clusters/cl01tl/helm/gitea/templates/config-map.yaml index 5af39ccf4..1d9e4b225 100644 --- a/clusters/cl01tl/helm/gitea/templates/config-map.yaml +++ b/clusters/cl01tl/helm/gitea/templates/config-map.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: gitea-custom-templates - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} data: header.tmpl: | diff --git a/clusters/cl01tl/helm/gitea/templates/external-secret.yaml b/clusters/cl01tl/helm/gitea/templates/external-secret.yaml index 0d1a10cad..d8d420e45 100644 --- a/clusters/cl01tl/helm/gitea/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/gitea/templates/external-secret.yaml 
@@ -1,64 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret -metadata: - name: gitea-admin-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gitea-admin-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: username - remoteRef: - key: /cl01tl/gitea/auth/admin - property: username - - secretKey: password - remoteRef: - key: /cl01tl/gitea/auth/admin - property: password - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gitea-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret - remoteRef: - key: /authentik/oidc/gitea - property: secret - - secretKey: key - remoteRef: - key: /authentik/oidc/gitea - property: client - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret metadata: name: gitea-runner-secret namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: gitea-runner-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: token remoteRef: 
@@ -69,80 +20,15 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: gitea-renovate-secret + name: gitea-meilisearch-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: gitea-renovate-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: gitea-meilisearch-key + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault - data: - - secretKey: RENOVATE_ENDPOINT - remoteRef: - key: /cl01tl/gitea/renovate - property: RENOVATE_ENDPOINT - - secretKey: RENOVATE_GIT_AUTHOR - remoteRef: - key: /cl01tl/gitea/renovate - property: RENOVATE_GIT_AUTHOR - - secretKey: RENOVATE_TOKEN - remoteRef: - key: /cl01tl/gitea/renovate - property: RENOVATE_TOKEN - - secretKey: RENOVATE_GIT_PRIVATE_KEY - remoteRef: - key: /cl01tl/gitea/renovate - property: id_rsa - - secretKey: RENOVATE_GITHUB_COM_TOKEN - remoteRef: - key: /github/gitea-cl01tl - property: token - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-renovate-ssh-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gitea-renovate-ssh-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: config - remoteRef: - key: /cl01tl/gitea/renovate - property: ssh_config - - secretKey: id_rsa - remoteRef: - key: /cl01tl/gitea/renovate - property: id_rsa - - secretKey: id_rsa.pub - remoteRef: - key: /cl01tl/gitea/renovate - property: id_rsa.pub - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: gitea-meilisearch-master-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: gitea-meilisearch-master-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name 
}} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault + name: openbao target: template: mergePolicy: Merge @@ -153,4 +39,27 @@ spec: - secretKey: MEILI_MASTER_KEY remoteRef: key: /cl01tl/gitea/meilisearch - property: MEILI_MASTER_KEY + property: master-key + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: gitea-oidc-authentik + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: gitea-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: secret + remoteRef: + key: /cl01tl/authentik/oidc/gitea + property: secret + - secretKey: key + remoteRef: + key: /cl01tl/authentik/oidc/gitea + property: client diff --git a/clusters/cl01tl/helm/gitea/templates/http-route.yaml b/clusters/cl01tl/helm/gitea/templates/http-route.yaml index 3453592aa..5868434ca 100644 --- a/clusters/cl01tl/helm/gitea/templates/http-route.yaml +++ b/clusters/cl01tl/helm/gitea/templates/http-route.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: gitea - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: parentRefs: - group: gateway.networking.k8s.io @@ -21,8 +20,6 @@ spec: type: PathPrefix value: / backendRefs: - - group: '' - kind: Service + - kind: Service name: gitea-http port: 3000 - weight: 100 diff --git a/clusters/cl01tl/helm/gitea/templates/ingress.yaml b/clusters/cl01tl/helm/gitea/templates/ingress.yaml index b348af72a..1b69b4c72 100644 --- a/clusters/cl01tl/helm/gitea/templates/ingress.yaml +++ b/clusters/cl01tl/helm/gitea/templates/ingress.yaml 
@@ -1,12 +1,11 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: gitea-tailscale + name: {{ .Release.Name }}-tailscale namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: gitea-tailscale - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Name }}-tailscale + {{- include "custom.labels" . | nindent 4 }} tailscale.com/proxy-class: no-metrics annotations: tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" @@ -21,7 +20,7 @@ spec: http: paths: - path: / - pathType: ImplementationSpecific + pathType: Prefix backend: service: name: gitea-http diff --git a/clusters/cl01tl/helm/gitea/templates/namespace.yaml b/clusters/cl01tl/helm/gitea/templates/namespace.yaml index 16080cc7f..bbbe36926 100644 --- a/clusters/cl01tl/helm/gitea/templates/namespace.yaml +++ b/clusters/cl01tl/helm/gitea/templates/namespace.yaml @@ -1,11 +1,10 @@ apiVersion: v1 kind: Namespace metadata: - name: gitea + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: gitea - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ .Release.Namespace }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/gitea/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/gitea/templates/persistent-volume-claim.yaml index 635119e18..4185d4e83 100644 --- a/clusters/cl01tl/helm/gitea/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/gitea/templates/persistent-volume-claim.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: gitea-themes-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeMode: Filesystem storageClassName: ceph-filesystem diff --git a/clusters/cl01tl/helm/gitea/templates/service-monitor.yaml b/clusters/cl01tl/helm/gitea/templates/service-monitor.yaml index e8e46ebba..640da55ef 100644 --- a/clusters/cl01tl/helm/gitea/templates/service-monitor.yaml +++ b/clusters/cl01tl/helm/gitea/templates/service-monitor.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: gitea - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: selector: matchLabels: diff --git a/clusters/cl01tl/helm/gitea/templates/tcp-route.yaml b/clusters/cl01tl/helm/gitea/templates/tcp-route.yaml index 5624c7428..519d9681f 100644 --- a/clusters/cl01tl/helm/gitea/templates/tcp-route.yaml +++ b/clusters/cl01tl/helm/gitea/templates/tcp-route.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: gitea-ssh - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: parentRefs: - group: gateway.networking.k8s.io @@ -16,8 +15,6 @@ spec: sectionName: ssh rules: - backendRefs: - - group: '' - kind: Service + - kind: Service name: gitea-ssh port: 22 - weight: 100 diff --git a/clusters/cl01tl/helm/gitea/values.yaml b/clusters/cl01tl/helm/gitea/values.yaml index 0d279bb3b..600bc28c2 100644 --- a/clusters/cl01tl/helm/gitea/values.yaml +++ b/clusters/cl01tl/helm/gitea/values.yaml 
@@ -59,7 +59,7 @@ gitea: oauth: - name: Authentik provider: openidConnect - existingSecret: gitea-oidc-secret + existingSecret: gitea-oidc-authentik autoDiscoverUrl: https://auth.alexlebens.dev/application/o/gitea/.well-known/openid-configuration iconUrl: https://goauthentik.io/img/icon.png scopes: "email profile" @@ -137,7 +137,7 @@ gitea: - name: GITEA__INDEXER__ISSUE_INDEXER_CONN_STR valueFrom: secretKeyRef: - name: gitea-meilisearch-master-key-secret + name: gitea-meilisearch-key key: ISSUE_INDEXER_CONN_STR valkey-cluster: enabled: false @@ -235,7 +235,7 @@ meilisearch: MEILI_ENV: production MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true auth: - existingMasterKeySecret: gitea-meilisearch-master-key-secret + existingMasterKeySecret: gitea-meilisearch-key persistence: enabled: true storageClass: ceph-block diff --git a/clusters/cl01tl/helm/grafana-operator/templates/_helpers.tpl b/clusters/cl01tl/helm/grafana-operator/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/grafana-operator/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/grafana-operator/templates/external-secret.yaml b/clusters/cl01tl/helm/grafana-operator/templates/external-secret.yaml index a5d05c0b9..e67786dab 100644 --- a/clusters/cl01tl/helm/grafana-operator/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/grafana-operator/templates/external-secret.yaml 
@@ -1,98 +1,44 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: grafana-auth-secret + name: grafana-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grafana-auth-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: grafana-config + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: admin-user remoteRef: - key: /cl01tl/grafana/auth + key: /cl01tl/grafana/config property: admin-user - secretKey: admin-password remoteRef: - key: /cl01tl/grafana/auth + key: /cl01tl/grafana/config property: admin-password --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: grafana-oauth-secret + name: grafana-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grafana-oauth-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: grafana-oidc-authentik + {{- include "custom.labels" . 
| nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: AUTH_CLIENT_ID remoteRef: - key: /authentik/oidc/grafana + key: /cl01tl/authentik/oidc/grafana property: client - secretKey: AUTH_CLIENT_SECRET remoteRef: - key: /authentik/oidc/grafana + key: /cl01tl/authentik/oidc/grafana property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: grafana-operator-postgresql-18-cluster-backup-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /digital-ocean/home-infra/postgres-backups - property: access - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /digital-ocean/home-infra/postgres-backups - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: grafana-operator-postgresql-18-cluster-backup-secret-garage - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grafana-operator-postgresql-18-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ACCESS_KEY_ID - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_KEY_ID - - secretKey: ACCESS_SECRET_KEY - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_SECRET_KEY - - secretKey: ACCESS_REGION - remoteRef: - key: /garage/home-infra/postgres-backups - property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml b/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml index 7d5961b84..a89e1da98 100644 
--- a/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml +++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana-dashboard.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-ceph - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -24,8 +23,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-coredns - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -43,8 +41,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-etcd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -62,8 +59,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -81,8 +77,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-loki - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -100,8 +95,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-node-full - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: 
@@ -119,8 +113,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-node-short - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -138,8 +131,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-pods - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -157,8 +149,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-argocd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -176,8 +167,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-blocky - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -195,8 +185,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-cert-manager - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -214,8 +203,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-cloudnative-pg - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: 
@@ -233,8 +221,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-descheduler - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -252,8 +239,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-external-dns - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -271,8 +257,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-external-secrets - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -290,8 +275,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-gatus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -309,8 +293,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-operator - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -328,8 +311,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-harbor - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: 
@@ -347,8 +329,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-speedtest-exporter - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -366,8 +347,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-spegel - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -385,8 +365,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-traefik - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -404,8 +383,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-tdarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -423,8 +401,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-unpoller - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -442,8 +419,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-version-checker-internal - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: 
@@ -461,8 +437,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-version-checker - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -480,8 +455,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-volsync - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -499,8 +473,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-s3 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -518,8 +491,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-authentik - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -537,8 +509,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-gitea - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -556,8 +527,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-ntfy - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: 
@@ -575,8 +545,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-openbao - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -594,8 +563,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-qbittorrent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -613,8 +581,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-vault - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -632,8 +599,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-unpackerr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -651,8 +617,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-airgradient - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -670,8 +635,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-server-power-consumption - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: 
@@ -689,8 +653,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-immich - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -708,8 +671,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-jellyfin - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -727,8 +689,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-navidrome - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -746,8 +707,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-radarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -765,8 +725,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-servarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -784,8 +743,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-dashboard-sonarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: 
diff --git a/clusters/cl01tl/helm/grafana-operator/templates/grafana-datasource.yaml b/clusters/cl01tl/helm/grafana-operator/templates/grafana-datasource.yaml index a664206ee..bfabee80d 100644 --- a/clusters/cl01tl/helm/grafana-operator/templates/grafana-datasource.yaml +++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana-datasource.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-datasource-prometheus - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: datasource: name: Prometheus @@ -33,8 +32,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-datasource-loki - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: datasource: name: Loki diff --git a/clusters/cl01tl/helm/grafana-operator/templates/grafana-folder.yaml b/clusters/cl01tl/helm/grafana-operator/templates/grafana-folder.yaml index ca49f4867..ccede7615 100644 --- a/clusters/cl01tl/helm/grafana-operator/templates/grafana-folder.yaml +++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana-folder.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-folder-application - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -40,8 +39,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-folder-iot - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: 
@@ -75,8 +73,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-folder-platform - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -110,8 +107,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-folder-service - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: @@ -145,8 +141,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-folder-system - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: instanceSelector: matchLabels: diff --git a/clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml b/clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml index 147936eac..758393146 100644 --- a/clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml +++ b/clusters/cl01tl/helm/grafana-operator/templates/grafana.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grafana-main - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} app: grafana-main spec: config: 
@@ -66,22 +65,22 @@ spec: - name: AUTH_CLIENT_ID valueFrom: secretKeyRef: - name: grafana-oauth-secret + name: grafana-oidc-authentik key: AUTH_CLIENT_ID - name: AUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: grafana-oauth-secret + name: grafana-oidc-authentik key: AUTH_CLIENT_SECRET - name: ADMIN_USER valueFrom: secretKeyRef: - name: grafana-auth-secret + name: grafana-config key: admin-user - name: ADMIN_PASSWORD valueFrom: secretKeyRef: - name: grafana-auth-secret + name: grafana-config key: admin-password - name: DB_HOST valueFrom: diff --git a/clusters/cl01tl/helm/grimmory/templates/_helpers.tpl b/clusters/cl01tl/helm/grimmory/templates/_helpers.tpl new file mode 100644 index 000000000..8a45e9226 --- /dev/null +++ b/clusters/cl01tl/helm/grimmory/templates/_helpers.tpl @@ -0,0 +1,24 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.booksNfsName" -}} +grimmory-books-nfs-storage +{{- end -}} +{{- define "custom.booksImportNfsName" -}} +grimmory-books-import-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/grimmory/templates/external-secret.yaml b/clusters/cl01tl/helm/grimmory/templates/external-secret.yaml index 801fba13d..85ab951c9 100644 --- a/clusters/cl01tl/helm/grimmory/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/grimmory/templates/external-secret.yaml 
@@ -1,42 +1,21 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: grimmory-database-secret + name: grimmory-database-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grimmory-database-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: grimmory-database-config + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: password remoteRef: key: /cl01tl/grimmory/database property: password ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: grimmory-data-replication-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: grimmory-data-replication-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: psk.txt - remoteRef: - key: /cl01tl/grimmory/replication - property: psk.txt - --- apiVersion: external-secrets.io/v1 kind: ExternalSecret @@ -45,12 +24,11 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-external - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: access remoteRef: 
@@ -69,18 +47,17 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: grimmory-mariadb-cluster-backup-secret-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: access remoteRef: key: /garage/home-infra/mariadb-backups - property: access + property: ACCESS_KEY_ID - secretKey: secret remoteRef: key: /garage/home-infra/mariadb-backups - property: secret + property: ACCESS_SECRET_KEY diff --git a/clusters/cl01tl/helm/grimmory/templates/namespace.yaml b/clusters/cl01tl/helm/grimmory/templates/namespace.yaml index 7fb67e59e..f349a6b0d 100644 --- a/clusters/cl01tl/helm/grimmory/templates/namespace.yaml +++ b/clusters/cl01tl/helm/grimmory/templates/namespace.yaml @@ -1,13 +1,7 @@ apiVersion: v1 kind: Namespace metadata: - name: grimmory - annotations: - volsync.backube/privileged-movers: "true" + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grimmory - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} - pod-security.kubernetes.io/audit: privileged - pod-security.kubernetes.io/enforce: privileged - pod-security.kubernetes.io/warn: privileged + app.kubernetes.io/name: {{ .Release.Namespace }} + {{- include "custom.labels" . | nindent 4 }} diff --git a/clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml index 18a0b7bb0..509d988c2 100644 --- a/clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/grimmory/templates/persistent-volume-claim.yaml 
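Review bot: In grimmory/templates/namespace.yaml the three `pod-security.kubernetes.io/*: privileged` labels are removed without a replacement level, so enforcement falls back to the cluster-wide PodSecurity admission default. Unless the cluster configures that default, it is `privileged`, so the removal does not tighten anything. If tightening is the intent, state the level explicitly, e.g. `pod-security.kubernetes.io/enforce: baseline`, after checking that the MariaDB and NFS-backed pods pass it. The `volsync.backube/privileged-movers` annotation is dropped in the same hunk, which looks consistent with the removal of `grimmory-data-replication-secret`, but confirm no VolSync mover still runs in this namespace.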
@@ -1,14 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: grimmory-books-nfs-storage + name: {{ include "custom.booksNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grimmory-books-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.booksNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: grimmory-books-nfs-storage + volumeName: {{ include "custom.booksNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany @@ -20,14 +19,13 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: grimmory-books-import-nfs-storage + name: {{ include "custom.booksImportNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grimmory-books-import-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.booksImportNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: grimmory-books-import-nfs-storage + volumeName: {{ include "custom.booksImportNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml b/clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml index 3ec10052a..5670895ca 100644 --- a/clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/grimmory/templates/persistent-volume.yaml 
@@ -1,12 +1,11 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: grimmory-books-nfs-storage + name: {{ include "custom.booksNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grimmory-books-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.booksNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client @@ -26,12 +25,11 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: grimmory-books-import-nfs-storage + name: {{ include "custom.booksImportNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: grimmory-books-import-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.booksImportNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client @@ -40,7 +38,7 @@ spec: accessModes: - ReadWriteMany nfs: - path: /volume2/Storage/Books Import + path: '/volume2/Storage/Books Import' server: synologybond.alexlebens.net mountOptions: - vers=4 diff --git a/clusters/cl01tl/helm/grimmory/values.yaml b/clusters/cl01tl/helm/grimmory/values.yaml index d0ba29d65..8d09eb481 100644 --- a/clusters/cl01tl/helm/grimmory/values.yaml +++ b/clusters/cl01tl/helm/grimmory/values.yaml @@ -27,7 +27,7 @@ grimmory: - name: DATABASE_PASSWORD valueFrom: secretKeyRef: - name: grimmory-database-secret + name: grimmory-database-config key: password - name: GRIMMORY_PORT value: 6060 @@ -98,7 +98,7 @@ mariadb-cluster: mariadb: rootPasswordSecretKeyRef: generate: false - name: grimmory-database-secret + name: grimmory-database-config key: password storage: size: 5Gi 
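Review bot: In grimmory/values.yaml the application's `DATABASE_PASSWORD` and the MariaDB `rootPasswordSecretKeyRef` both resolve to `grimmory-database-config` / `password`, so the application container holds the database root password; the rename keeps that coupling. If the application connects as a non-root database user (not visible in these hunks), give root its own property in the store and a second `secretKey` in the ExternalSecret. `rootPasswordSecretKeyRef` would then point at that key, for example `key: root-password` (a constructed name), so a leak of the application environment does not expose root. Both hunks sit inside larger mappings that start and end outside the view.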
diff --git a/clusters/cl01tl/helm/harbor/templates/_helpers.tpl b/clusters/cl01tl/helm/harbor/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/harbor/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/harbor/templates/external-secret.yaml b/clusters/cl01tl/helm/harbor/templates/external-secret.yaml index 929669edf..e2b394fe7 100644 --- a/clusters/cl01tl/helm/harbor/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/harbor/templates/external-secret.yaml @@ -5,12 +5,11 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: harbor-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: HARBOR_ADMIN_PASSWORD remoteRef: @@ -18,12 +17,12 @@ spec: property: admin-password - secretKey: secretKey remoteRef: - key: /cl01tl/harbor/config - property: secretKey + key: /cl01tl/harbor/key + property: secret-key - secretKey: CSRF_KEY remoteRef: - key: /cl01tl/harbor/core - property: CSRF_KEY + key: /cl01tl/harbor/key + property: csrf-key - secretKey: secret remoteRef: key: /cl01tl/harbor/core 
@@ -39,24 +38,20 @@ spec: - secretKey: JOBSERVICE_SECRET remoteRef: key: /cl01tl/harbor/jobservice - property: JOBSERVICE_SECRET + property: secret - secretKey: REGISTRY_HTTP_SECRET remoteRef: key: /cl01tl/harbor/registry - property: REGISTRY_HTTP_SECRET - - secretKey: REGISTRY_REDIS_PASSWORD - remoteRef: - key: /cl01tl/harbor/registry - property: REGISTRY_REDIS_PASSWORD + property: http-secret - secretKey: REGISTRY_HTPASSWD remoteRef: key: /cl01tl/harbor/registry - property: REGISTRY_HTPASSWD + property: ht-passwd - secretKey: REGISTRY_CREDENTIAL_PASSWORD remoteRef: key: /cl01tl/harbor/registry - property: REGISTRY_CREDENTIAL_PASSWORD + property: credential-password - secretKey: REGISTRY_PASSWD remoteRef: key: /cl01tl/harbor/registry - property: REGISTRY_CREDENTIAL_PASSWORD + property: credential-password diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml index 210985f6d..3179f922a 100644 --- a/clusters/cl01tl/helm/harbor/values.yaml +++ b/clusters/cl01tl/helm/harbor/values.yaml @@ -5,10 +5,10 @@ harbor: enabled: false route: parentRefs: - - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik + group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik hosts: - harbor.alexlebens.net externalURL: https://harbor.alexlebens.net diff --git a/clusters/cl01tl/helm/headlamp/templates/_helpers.tpl b/clusters/cl01tl/helm/headlamp/templates/_helpers.tpl new file mode 100644 index 000000000..e8302c13f --- /dev/null +++ b/clusters/cl01tl/helm/headlamp/templates/_helpers.tpl 
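Review bot: In the `route.parentRefs` block of harbor/values.yaml the new side drops the leading list dash, so `parentRefs` becomes a single mapping (`group`, `kind`, `name`, `namespace`) instead of a one-element list. HTTPRoute `spec.parentRefs` is a list, so if the chart passes this value through unchanged the rendered route would fail validation; whether it does depends on the chart template, which is not visible in this diff. If the chart expects a list, the first entry should stay `- group: gateway.networking.k8s.io` with the other three keys aligned under it.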
@@ -0,0 +1,21 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} + +{{/* +ServiceAccount name +*/}} +{{- define "custom.serviceAccountName" -}} +headlamp-admin +{{- end -}} diff --git a/clusters/cl01tl/helm/headlamp/templates/cluster-role-binding.yaml b/clusters/cl01tl/helm/headlamp/templates/cluster-role-binding.yaml index dd86c1d66..2719a405e 100644 --- a/clusters/cl01tl/helm/headlamp/templates/cluster-role-binding.yaml +++ b/clusters/cl01tl/helm/headlamp/templates/cluster-role-binding.yaml @@ -5,16 +5,15 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: cluster-admin-oidc - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} roleRef: + apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin - apiGroup: rbac.authorization.k8s.io subjects: - - kind: User + - apiGroup: rbac.authorization.k8s.io + kind: User name: https://authentik.alexlebens.net/application/o/headlamp/#alexanderlebens@gmail.com - apiGroup: rbac.authorization.k8s.io - kind: ServiceAccount - name: headlamp-admin - namespace: headlamp + name: {{ include "custom.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} diff --git a/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml b/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml index a9454d455..3c3918119 100644 --- a/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/headlamp/templates/external-secret.yaml 
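Review bot: The ServiceAccount subject of this `cluster-admin` binding now takes its namespace from `{{ .Release.Namespace }}` instead of the fixed `headlamp`, so whichever namespace the release is installed into receives a cluster-admin service account. For a binding this powerful I would keep the namespace pinned, or add a comment above the subject such as `# cluster-admin: namespace follows the release; install only into the headlamp namespace`. `metadata.namespace` on a ClusterRoleBinding has no effect because the kind is cluster-scoped, so that context line could be dropped. The manifest begins above the hunk.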
@@ -1,38 +1,37 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: headlamp-oidc-secret + name: headlamp-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: headlamp-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: headlamp-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: OIDC_CLIENT_ID remoteRef: - key: /authentik/oidc/headlamp + key: /cl01tl/authentik/oidc/headlamp property: client - secretKey: OIDC_CLIENT_SECRET remoteRef: - key: /authentik/oidc/headlamp + key: /cl01tl/authentik/oidc/headlamp property: secret - secretKey: OIDC_ISSUER_URL remoteRef: - key: /authentik/oidc/headlamp + key: /cl01tl/authentik/oidc/headlamp property: issuer - secretKey: OIDC_SCOPES remoteRef: - key: /authentik/oidc/headlamp + key: /cl01tl/authentik/oidc/headlamp property: scopes - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_IDP_ISSUER_URL remoteRef: - key: /authentik/oidc/headlamp - property: validator-issuer-url + key: /cl01tl/authentik/oidc/headlamp + property: issuer - secretKey: HEADLAMP_CONFIG_OIDC_VALIDATOR_CLIENT_ID remoteRef: - key: /authentik/oidc/headlamp - property: validator-client-id + key: /cl01tl/authentik/oidc/headlamp + property: client diff --git a/clusters/cl01tl/helm/headlamp/templates/service-account.yaml b/clusters/cl01tl/helm/headlamp/templates/service-account.yaml index e31ff0631..5db759b3e 100644 --- a/clusters/cl01tl/helm/headlamp/templates/service-account.yaml +++ b/clusters/cl01tl/helm/headlamp/templates/service-account.yaml 
@@ -1,9 +1,8 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: headlamp-admin + name: {{ include "custom.serviceAccountName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: headlamp-admin - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }} + {{- include "custom.labels" . | nindent 4 }} diff --git a/clusters/cl01tl/helm/headlamp/values.yaml b/clusters/cl01tl/helm/headlamp/values.yaml index 88ed132fc..80794818d 100644 --- a/clusters/cl01tl/helm/headlamp/values.yaml +++ b/clusters/cl01tl/helm/headlamp/values.yaml @@ -10,7 +10,7 @@ headlamp: create: false externalSecret: enabled: true - name: headlamp-oidc-secret + name: headlamp-oidc-authentik watchPlugins: true httpRoute: enabled: true @@ -27,11 +27,9 @@ headlamp: type: PathPrefix value: / backendRefs: - - group: '' - kind: Service + - kind: Service name: headlamp port: 80 - weight: 100 resources: requests: cpu: 1m diff --git a/clusters/cl01tl/helm/home-assistant/templates/_helpers.tpl b/clusters/cl01tl/helm/home-assistant/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/home-assistant/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml b/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml index 6d3825e20..8b6243160 100644 --- a/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/home-assistant/templates/external-secret.yaml 
@@ -1,42 +1,40 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: home-assistant-code-server-password-secret + name: home-assistant-code-server-password namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: home-assistant-code-server-password-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: home-assistant-code-server-password + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: PASSWORD remoteRef: - key: /cl01tl/home-assistant/code-server/auth - property: PASSWORD + key: /cl01tl/home-assistant/code-server + property: password - secretKey: SUDO_PASSWORD remoteRef: - key: /cl01tl/home-assistant/code-server/auth - property: SUDO_PASSWORD + key: /cl01tl/home-assistant/code-server + property: sudo-password --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: home-assistant-token-secret + name: home-assistant-metric-token namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: home-assistant-token-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: home-assistant-metric-token + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: bearer-token remoteRef: - key: /cl01tl/home-assistant/auth + key: /cl01tl/home-assistant/config property: bearer-token diff --git a/clusters/cl01tl/helm/home-assistant/values.yaml b/clusters/cl01tl/helm/home-assistant/values.yaml index d000da6d1..b4899b1e2 100644 --- a/clusters/cl01tl/helm/home-assistant/values.yaml +++ b/clusters/cl01tl/helm/home-assistant/values.yaml 
@@ -35,7 +35,7 @@ home-assistant: value: /config envFrom: - secretRef: - name: home-assistant-code-server-password-secret + name: home-assistant-code-server-password service: main: controller: main @@ -63,7 +63,7 @@ home-assistant: scrapeTimeout: 1m path: /api/prometheus bearerTokenSecret: - name: home-assistant-token-secret + name: home-assistant-metric-token key: bearer-token route: main: diff --git a/clusters/cl01tl/helm/homepage/templates/_helpers.tpl b/clusters/cl01tl/helm/homepage/templates/_helpers.tpl new file mode 100644 index 000000000..521c9c078 --- /dev/null +++ b/clusters/cl01tl/helm/homepage/templates/_helpers.tpl @@ -0,0 +1,21 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} + +{{/* +CluserRole Name +*/}} +{{- define "custom.clusterRoleName" -}} +homepage +{{- end -}} diff --git a/clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml b/clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml index 224a93bd2..2763d0373 100644 --- a/clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml +++ b/clusters/cl01tl/helm/homepage/templates/cluster-role-binding.yaml @@ -1,16 +1,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: homepage + name: {{ include "custom.clusterRoleName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: homepage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.clusterRoleName" . }} + {{- include "custom.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: homepage + name: {{ include "custom.clusterRoleName" . }} subjects: - kind: ServiceAccount name: homepage 
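Review bot: The comment on the new `custom.clusterRoleName` helper in homepage/templates/_helpers.tpl is misspelled: `CluserRole Name` should read `ClusterRole name`. The same helper also names the ClusterRoleBinding in cluster-role-binding.yaml, so the comment could say `ClusterRole and ClusterRoleBinding name`. The ServiceAccount subject in that binding still uses the literal `homepage`, and the rest of the subject lies outside the hunk.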
diff --git a/clusters/cl01tl/helm/homepage/templates/cluster-role.yaml b/clusters/cl01tl/helm/homepage/templates/cluster-role.yaml index 3b8b2d256..9b1603745 100644 --- a/clusters/cl01tl/helm/homepage/templates/cluster-role.yaml +++ b/clusters/cl01tl/helm/homepage/templates/cluster-role.yaml @@ -1,12 +1,11 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: homepage + name: {{ include "custom.clusterRoleName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: homepage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.clusterRoleName" . }} + {{- include "custom.labels" . | nindent 4 }} rules: - apiGroups: - "" diff --git a/clusters/cl01tl/helm/homepage/templates/external-secret.yaml b/clusters/cl01tl/helm/homepage/templates/external-secret.yaml index 2b578fefc..f1904cb52 100644 --- a/clusters/cl01tl/helm/homepage/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/homepage/templates/external-secret.yaml @@ -1,20 +1,19 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: homepage-keys-secret + name: homepage-secrets namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: homepage-keys-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: homepage-secrets + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: HOMEPAGE_VAR_GITEA_API_TOKEN remoteRef: - key: /cl01tl/gitea/auth/homepage + key: /cl01tl/gitea/users/bot property: token - secretKey: HOMEPAGE_VAR_ARGOCD_API_TOKEN remoteRef: 
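Review bot: `HOMEPAGE_VAR_GITEA_API_TOKEN` now reads `token` from `/cl01tl/gitea/users/bot` instead of the homepage-specific `/cl01tl/gitea/auth/homepage` entry. If that bot account's token is shared with other consumers or carries write scopes, the dashboard pod holds more access than a status widget needs and a rotation affects every consumer; the token's scope is not visible in this diff. A dedicated read-only token for homepage would keep the earlier separation, and a comment such as `# read-only token, used only by the homepage widget` above the entry would record the intent. The `data` list continues past the end of the hunk.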
@@ -34,47 +33,47 @@ spec: property: key - secretKey: HOMEPAGE_VAR_SYNOLOGY_USER remoteRef: - key: /synology/auth/cl01tl + key: /synology/users/remote_stats property: user - secretKey: HOMEPAGE_VAR_SYNOLOGY_PASSWORD remoteRef: - key: /synology/auth/cl01tl + key: /synology/users/remote_stats property: password - secretKey: HOMEPAGE_VAR_UNIFI_API_KEY remoteRef: - key: /unifi/auth/cl01tl + key: /unifi/users/cl01tl property: api-key - secretKey: HOMEPAGE_VAR_SONARR_KEY remoteRef: - key: /cl01tl/sonarr4/key + key: /cl01tl/sonarr/key property: key - secretKey: HOMEPAGE_VAR_SONARR4K_KEY remoteRef: - key: /cl01tl/sonarr4-4k/key + key: /cl01tl/sonarr-4k/key property: key - secretKey: HOMEPAGE_VAR_SONARRANIME_KEY remoteRef: - key: /cl01tl/sonarr4-anime/key + key: /cl01tl/sonarr-anime/key property: key - secretKey: HOMEPAGE_VAR_RADARR_KEY remoteRef: - key: /cl01tl/radarr5/key + key: /cl01tl/radarr/key property: key - secretKey: HOMEPAGE_VAR_RADARR4K_KEY remoteRef: - key: /cl01tl/radarr5-4k/key + key: /cl01tl/radarr-4k/key property: key - secretKey: HOMEPAGE_VAR_RADARRANIME_KEY remoteRef: - key: /cl01tl/radarr5-anime/key + key: /cl01tl/radarr-anime/key property: key - secretKey: HOMEPAGE_VAR_RADARRSTANDUP_KEY remoteRef: - key: /cl01tl/radarr5-standup/key + key: /cl01tl/radarr-standup/key property: key - secretKey: HOMEPAGE_VAR_LIDARR_KEY remoteRef: - key: /cl01tl/lidarr2/key + key: /cl01tl/lidarr/key property: key - secretKey: HOMEPAGE_VAR_PROWLARR_KEY remoteRef: diff --git a/clusters/cl01tl/helm/homepage/values.yaml b/clusters/cl01tl/helm/homepage/values.yaml index 7389ad7e3..3a0d20b4b 100644 --- a/clusters/cl01tl/helm/homepage/values.yaml +++ b/clusters/cl01tl/helm/homepage/values.yaml @@ -22,7 +22,7 @@ homepage: value: home.alexlebens.net envFrom: - secretRef: - name: homepage-keys-secret + name: homepage-secrets resources: requests: cpu: 1m 
diff --git a/clusters/cl01tl/helm/houndarr/templates/_helpers.tpl b/clusters/cl01tl/helm/houndarr/templates/_helpers.tpl
new file mode 100644
index 000000000..10688fcef
--- /dev/null
+++ b/clusters/cl01tl/helm/houndarr/templates/_helpers.tpl
@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
diff --git a/clusters/cl01tl/helm/immich/templates/_helpers.tpl b/clusters/cl01tl/helm/immich/templates/_helpers.tpl
new file mode 100644
index 000000000..10688fcef
--- /dev/null
+++ b/clusters/cl01tl/helm/immich/templates/_helpers.tpl
@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
diff --git a/clusters/cl01tl/helm/immich/templates/external-secrets.yaml b/clusters/cl01tl/helm/immich/templates/external-secrets.yaml
deleted file mode 100644
index c105cfa53..000000000
--- a/clusters/cl01tl/helm/immich/templates/external-secrets.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: external-secrets.io/v1
-kind: ExternalSecret
-metadata:
- name: immich-config-secret
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: immich-config-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
-spec:
- secretStoreRef:
- kind: ClusterSecretStore
- name: vault
- data:
- - secretKey: immich.json
- remoteRef:
- key: /cl01tl/immich/config
- property: immich.json
diff --git a/clusters/cl01tl/helm/immich/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/immich/templates/secret-provider-class.yaml
new file mode 100644
index 000000000..b2398a888
--- /dev/null
+++ b/clusters/cl01tl/helm/immich/templates/secret-provider-class.yaml
@@ -0,0 +1,18 @@
+apiVersion: secrets-store.csi.x-k8s.io/v1
+kind: SecretProviderClass
+metadata:
+ name: immich-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: immich-config
+ {{- include "custom.labels" . | nindent 4 }}
+spec:
+ provider: openbao
+ parameters:
+ baoAddress: "http://openbao-internal.openbao:8200"
+ roleName: immich
+ objects: |
+ - objectName: immich.json
+ fileName: immich.json
+ secretPath: secret/data/cl01tl/immich/config
+ secretKey: immich.json
diff --git a/clusters/cl01tl/helm/immich/values.yaml b/clusters/cl01tl/helm/immich/values.yaml
index d7b85f3b2..196121d44 100644
--- a/clusters/cl01tl/helm/immich/values.yaml
+++ b/clusters/cl01tl/helm/immich/values.yaml
@@ -4,6 +4,8 @@ immich:
 type: deployment
 replicas: 1
 strategy: Recreate
+ serviceAccount:
+ name: immich
 containers:
 main:
 image:
@@ -86,6 +88,10 @@ immich:
 gpu.intel.com/i915: 1
 cpu: 10m
 memory: 500Mi
+ serviceAccount:
+ immich:
+ enabled: true
+ staticToken: true
 service:
 main:
 controller: main
@@ -135,9 +141,13 @@ immich:
 value: /
 persistence:
 config:
- enabled: true
- type: secret
- name: immich-config-secret
+ type: custom
+ volumeSpec:
+ csi:
+ driver: secrets-store.csi.k8s.io
+ readOnly: true
+ volumeAttributes:
+ secretProviderClass: immich-config
 advancedMounts:
 main:
 main:
diff --git a/clusters/cl01tl/helm/intel-device-plugin/templates/_helpers.tpl b/clusters/cl01tl/helm/intel-device-plugin/templates/_helpers.tpl
new file mode 100644
index 000000000..10688fcef
--- /dev/null
+++ b/clusters/cl01tl/helm/intel-device-plugin/templates/_helpers.tpl
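Review bot: `baoAddress: "http://openbao-internal.openbao:8200"` in the new SecretProviderClass makes the CSI provider talk to OpenBao over plain HTTP, so the service-account token it presents for the `immich` role and the returned `immich.json` cross the pod network unencrypted. Unless transport encryption is enforced below this layer (nothing in the diff shows that), I would point it at a TLS listener, `baoAddress: "https://openbao-internal.openbao:8200"`, and configure the provider to trust the issuing CA. The other charts in this commit reach the store through the `openbao` ClusterSecretStore, whose address is not visible here, so the same check applies there.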
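Review bot: `staticToken: true` under `serviceAccount.immich` (second hunk of immich/values.yaml) presumably makes the chart create a long-lived token Secret for the account; the chart template is not part of this diff, so that should be confirmed. The CSI volume added in the third hunk would normally authenticate with a short-lived token issued for the pod, in which case the static token is an extra non-expiring credential that could authenticate to the `immich` OpenBao role if it leaks. If nothing consumes it, drop the line or set `staticToken: false`.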
@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
diff --git a/clusters/cl01tl/helm/intel-device-plugin/templates/namespace.yaml b/clusters/cl01tl/helm/intel-device-plugin/templates/namespace.yaml
index 861af10d0..bbbe36926 100644
--- a/clusters/cl01tl/helm/intel-device-plugin/templates/namespace.yaml
+++ b/clusters/cl01tl/helm/intel-device-plugin/templates/namespace.yaml
@@ -1,11 +1,10 @@
 apiVersion: v1
 kind: Namespace
 metadata:
- name: intel-device-plugin
+ name: {{ .Release.Namespace }}
 labels:
- app.kubernetes.io/name: intel-device-plugin
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
+ app.kubernetes.io/name: {{ .Release.Namespace }}
+ {{- include "custom.labels" . | nindent 4 }}
 pod-security.kubernetes.io/audit: privileged
 pod-security.kubernetes.io/enforce: privileged
 pod-security.kubernetes.io/warn: privileged
diff --git a/clusters/cl01tl/helm/jellyfin/templates/_helpers.tpl b/clusters/cl01tl/helm/jellyfin/templates/_helpers.tpl
new file mode 100644
index 000000000..d041f6628
--- /dev/null
+++ b/clusters/cl01tl/helm/jellyfin/templates/_helpers.tpl
@@ -0,0 +1,24 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+NFS names
+*/}}
+{{- define "custom.storageNfsName" -}}
+jellyfin-nfs-storage
+{{- end -}}
+{{- define "custom.storageYoutubeNfsName" -}}
+jellyfin-youtube-nfs-storage
+{{- end -}}
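Review bot: With `name: {{ .Release.Namespace }}` in intel-device-plugin/templates/namespace.yaml, the Namespace object and its three `pod-security.kubernetes.io/*: privileged` labels now apply to whatever namespace the release is installed into rather than only `intel-device-plugin`. Installing the chart into a shared namespace would switch that namespace to the privileged Pod Security level for every workload in it. I would keep the literal name, or add a comment above the labels such as `# privileged PSA level: install this chart only into its own namespace`.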
diff --git a/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml b/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml index 0cd27057a..a4bc0ebab 100644 --- a/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/jellyfin/templates/external-secret.yaml @@ -1,38 +1,36 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: jellyfin-exporter-secret + name: jellyfin-metric-token namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: jellyfin-exporter-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: jellyfin-metric-token + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: token remoteRef: - key: /cl01tl/jellyfin/exporter + key: /cl01tl/jellyfin/metrics property: token --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: jellyfin-meilisearch-master-key-secret + name: jellyfin-meilisearch-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: jellyfin-meilisearch-master-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: jellyfin-meilisearch-key + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: MEILI_MASTER_KEY remoteRef: key: /cl01tl/jellyfin/meilisearch - property: MEILI_MASTER_KEY + property: master-key diff --git a/clusters/cl01tl/helm/jellyfin/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/jellyfin/templates/persistent-volume-claim.yaml index fdb6a5ce7..0602e3445 100644 --- a/clusters/cl01tl/helm/jellyfin/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/jellyfin/templates/persistent-volume-claim.yaml 
@@ -1,14 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: jellyfin-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: jellyfin-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: jellyfin-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany @@ -20,14 +19,13 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: jellyfin-youtube-nfs-storage + name: {{ include "custom.storageYoutubeNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: jellyfin-youtube-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.storageYoutubeNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: jellyfin-youtube-nfs-storage + volumeName: {{ include "custom.storageYoutubeNfsName" . }} storageClassName: nfs-client accessModes: - ReadOnlyMany diff --git a/clusters/cl01tl/helm/jellyfin/templates/persistent-volume.yaml b/clusters/cl01tl/helm/jellyfin/templates/persistent-volume.yaml index af39701d4..7597252ac 100644 --- a/clusters/cl01tl/helm/jellyfin/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/jellyfin/templates/persistent-volume.yaml 
@@ -1,12 +1,11 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: jellyfin-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: jellyfin-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client @@ -26,12 +25,11 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: jellyfin-youtube-nfs-storage + name: {{ include "custom.storageYoutubeNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: jellyfin-youtube-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "custom.storageYoutubeNfsName" . }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/jellyfin/values.yaml b/clusters/cl01tl/helm/jellyfin/values.yaml index 4112963d7..06eab78d2 100644 --- a/clusters/cl01tl/helm/jellyfin/values.yaml +++ b/clusters/cl01tl/helm/jellyfin/values.yaml @@ -48,7 +48,7 @@ jellyfin: - name: TOKEN valueFrom: secretKeyRef: - name: jellyfin-exporter-secret + name: jellyfin-metric-token key: token service: main: @@ -133,7 +133,7 @@ meilisearch: MEILI_ENV: production MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true auth: - existingMasterKeySecret: jellyfin-meilisearch-master-key-secret + existingMasterKeySecret: jellyfin-meilisearch-key persistence: enabled: true storageClass: ceph-block diff --git a/clusters/cl01tl/helm/jellystat/templates/_helpers.tpl b/clusters/cl01tl/helm/jellystat/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/jellystat/templates/_helpers.tpl 
@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
diff --git a/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml b/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml
index ee87cd82d..276ff1e8d 100644
--- a/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml
+++ b/clusters/cl01tl/helm/jellystat/templates/external-secret.yaml
@@ -1,26 +1,25 @@
 apiVersion: external-secrets.io/v1
 kind: ExternalSecret
 metadata:
- name: jellystat-secret
+ name: jellystat-config
 namespace: {{ .Release.Namespace }}
 labels:
- app.kubernetes.io/name: jellystat-secret
- app.kubernetes.io/instance: {{ .Release.Name }}
- app.kubernetes.io/part-of: {{ .Release.Name }}
+ app.kubernetes.io/name: jellystat-config
+ {{- include "custom.labels" . | nindent 4 }}
 spec:
 secretStoreRef:
 kind: ClusterSecretStore
- name: vault
+ name: openbao
 data:
 - secretKey: secret-key
 remoteRef:
- key: /cl01tl/jellystat/auth
+ key: /cl01tl/jellystat/key
 property: secret-key
 - secretKey: user
 remoteRef:
- key: /cl01tl/jellystat/auth
+ key: /cl01tl/jellystat/config
 property: user
 - secretKey: password
 remoteRef:
- key: /cl01tl/jellystat/auth
+ key: /cl01tl/jellystat/cconfig
 property: password
diff --git a/clusters/cl01tl/helm/jellystat/values.yaml b/clusters/cl01tl/helm/jellystat/values.yaml
index 51752f5c4..f21ad8c2a 100644
--- a/clusters/cl01tl/helm/jellystat/values.yaml
+++ b/clusters/cl01tl/helm/jellystat/values.yaml
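Review bot: The `password` entry in jellystat/templates/external-secret.yaml reads from `/cl01tl/jellystat/cconfig`, while the `user` entry just above it uses `/cl01tl/jellystat/config`; the doubled `c` looks like a typo. If no such path exists in the store, the ExternalSecret will presumably fail to sync and `jellystat-config` will not be populated, leaving the `JWT_SECRET`, `JS_USER` and `JS_PASSWORD` references in values.yaml with nothing to resolve. The line should be `key: /cl01tl/jellystat/config`.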
@@ -15,17 +15,17 @@ jellystat: - name: JWT_SECRET valueFrom: secretKeyRef: - name: jellystat-secret + name: jellystat-config key: secret-key - name: JS_USER valueFrom: secretKeyRef: - name: jellystat-secret + name: jellystat-config key: user - name: JS_PASSWORD valueFrom: secretKeyRef: - name: jellystat-secret + name: jellystat-config key: password - name: POSTGRES_USER valueFrom: diff --git a/clusters/cl01tl/helm/karakeep/templates/_helpers.tpl b/clusters/cl01tl/helm/karakeep/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/karakeep/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml index 055cc9477..a809456c8 100644 --- a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: karakeep-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -29,8 +28,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: karakeep-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
@@ -53,8 +51,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: karakeep-bucket-garage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -81,8 +78,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: karakeep-meilisearch-master-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/kiwix/templates/_helpers.tpl b/clusters/cl01tl/helm/kiwix/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/kiwix/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml index 1423bcd69..9345de883 100644 --- a/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: kiwix-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: kiwix-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml b/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml index 5185019e7..9e50301a4 100644 
--- a/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: kiwix-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/komodo/templates/_helpers.tpl b/clusters/cl01tl/helm/komodo/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/komodo/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/komodo/templates/external-secret.yaml b/clusters/cl01tl/helm/komodo/templates/external-secret.yaml index f9e7c9103..32572bab6 100644 --- a/clusters/cl01tl/helm/komodo/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/komodo/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: komodo-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -41,8 +40,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: komodo-postgresql-17-fdb-cluster-ferret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/_helpers.tpl b/clusters/cl01tl/helm/kube-prometheus-stack/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml index f434f9f11..f5fe5f7ec 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: alertmanager-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -25,8 +24,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-metric-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -45,8 +43,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ntfy-alertmanager-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml index 992072a1e..d11082f59 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: kube-prometheus-stack labels: app.kubernetes.io/name: kube-prometheus-stack - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml index 72e295dc1..61b597302 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: external-nodes-http - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: staticConfigs: - labels: @@ -25,8 +24,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: external-nodes-https - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: staticConfigs: - labels: @@ -44,8 +42,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: airgradient-http - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: staticConfigs: - labels: 
@@ -63,8 +60,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-https - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: staticConfigs: - labels: diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml index f2c354a5b..74c65abd8 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml index 06ee749b7..8830b6c6b 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml 
+++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: "certificates-{{ .Release.Name }}" - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} rules: - apiGroups: - certificates.k8s.io @@ -45,8 +44,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: "events-{{ .Release.Name }}" - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} rules: - apiGroups: - "" diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml index 0ccd84973..2d4653698 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: kubelet-serving-cert-approver labels: app.kubernetes.io/name: kubelet-serving-cert-approver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: restricted pod-security.kubernetes.io/enforce: restricted pod-security.kubernetes.io/warn: restricted diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml index cc40acbe8..afdc6c55b 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: "events-{{ .Release.Name }}" - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole diff --git a/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/_helpers.tpl b/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml b/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml index 61ba281df..593ce0c81 100644 --- a/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: kubernetes-cloudflare-ddns-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/languagetool/templates/_helpers.tpl b/clusters/cl01tl/helm/languagetool/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/languagetool/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/libation/templates/_helpers.tpl b/clusters/cl01tl/helm/libation/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/libation/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml index 067785451..21a9df98f 100644 --- a/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: libation-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: libation-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml b/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml index 123b69068..495de2253 100644 --- a/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: libation-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/lidarr/templates/_helpers.tpl b/clusters/cl01tl/helm/lidarr/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/lidarr/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/lidarr/templates/middleware.yaml b/clusters/cl01tl/helm/lidarr/templates/middleware.yaml index 341764b57..701f30f52 100644 --- a/clusters/cl01tl/helm/lidarr/templates/middleware.yaml +++ b/clusters/cl01tl/helm/lidarr/templates/middleware.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: oidc-forward-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: forwardAuth: address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik diff --git a/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml index c1d21f84e..1c0617c89 100644 --- a/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: lidarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: lidarr-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml index 181d788f2..d1fe2a868 100644 --- a/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: lidarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/lidarr/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/lidarr/templates/prometheus-rule.yaml index 80b14f110..524acc8be 100644 --- a/clusters/cl01tl/helm/lidarr/templates/prometheus-rule.yaml +++ b/clusters/cl01tl/helm/lidarr/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: lidarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: lidarr diff --git a/clusters/cl01tl/helm/local-path-provisioner/templates/_helpers.tpl b/clusters/cl01tl/helm/local-path-provisioner/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/local-path-provisioner/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/local-path-provisioner/templates/namespace.yaml b/clusters/cl01tl/helm/local-path-provisioner/templates/namespace.yaml index cd4e163d4..6587103c2 100644 --- a/clusters/cl01tl/helm/local-path-provisioner/templates/namespace.yaml +++ b/clusters/cl01tl/helm/local-path-provisioner/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: local-path-provisioner labels: app.kubernetes.io/name: local-path-provisioner - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/loki/templates/_helpers.tpl b/clusters/cl01tl/helm/loki/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/loki/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/loki/templates/namespace.yaml b/clusters/cl01tl/helm/loki/templates/namespace.yaml index d2683e954..793925bd9 100644 --- a/clusters/cl01tl/helm/loki/templates/namespace.yaml +++ b/clusters/cl01tl/helm/loki/templates/namespace.yaml 
@@ -4,8 +4,7 @@ metadata: name: loki labels: app.kubernetes.io/name: loki - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/mariadb-operator/templates/_helpers.tpl b/clusters/cl01tl/helm/mariadb-operator/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/mariadb-operator/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl b/clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml b/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml index dea8bfe15..02b79d5ea 100644 --- a/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: matrix-synapse-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -29,8 +28,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: matrix-synapse-signingkey - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -49,8 +47,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: matrix-hookshot-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -104,8 +101,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: mautrix-whatsapp-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -128,8 +124,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: double-puppet-registration-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -148,8 +143,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: matrix-synapse-valkey-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
diff --git a/clusters/cl01tl/helm/matrix-synapse/templates/service-monitor.yaml b/clusters/cl01tl/helm/matrix-synapse/templates/service-monitor.yaml index 15e02702a..659977d47 100644 --- a/clusters/cl01tl/helm/matrix-synapse/templates/service-monitor.yaml +++ b/clusters/cl01tl/helm/matrix-synapse/templates/service-monitor.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: matrix-synapse - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: selector: matchLabels: diff --git a/clusters/cl01tl/helm/medialyze/templates/_helpers.tpl b/clusters/cl01tl/helm/medialyze/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/medialyze/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml index 5b4c52337..ed0420367 100644 --- a/clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: medialyze-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: medialyze-nfs-storage storageClassName: nfs-client 
diff --git a/clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml b/clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml index b783dd104..9e1fee702 100644 --- a/clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: medialyze-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/metrics-server/templates/_helpers.tpl b/clusters/cl01tl/helm/metrics-server/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/metrics-server/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/music-grabber/templates/_helpers.tpl b/clusters/cl01tl/helm/music-grabber/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/music-grabber/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml b/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml index 7eafe9fb4..9b8bc4164 100644 
--- a/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: music-grabber-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -37,8 +36,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: music-grabber-wireguard-conf - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/music-grabber/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/music-grabber/templates/persistent-volume-claim.yaml index 8b8ba67db..7d763994c 100644 --- a/clusters/cl01tl/helm/music-grabber/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/music-grabber/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: music-grabber-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: music-grabber-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/music-grabber/templates/persistent-volume.yaml b/clusters/cl01tl/helm/music-grabber/templates/persistent-volume.yaml index a9696a3d0..e07df3efe 100644 --- a/clusters/cl01tl/helm/music-grabber/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/music-grabber/templates/persistent-volume.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: music-grabber-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/navidrome/templates/_helpers.tpl b/clusters/cl01tl/helm/navidrome/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/navidrome/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/navidrome/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/navidrome/templates/persistent-volume-claim.yaml index 6b5e6a8ca..b5df7437a 100644 --- a/clusters/cl01tl/helm/navidrome/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/navidrome/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: navidrome-music-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: navidrome-music-nfs-storage storageClassName: nfs-client @@ -24,8 +23,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: navidrome-music-youtube-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: navidrome-music-youtube-nfs-storage storageClassName: nfs-client 
@@ -43,8 +41,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: navidrome-music-grabber-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: navidrome-music-grabber-nfs-storage storageClassName: nfs-client @@ -62,8 +59,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: navidrome-music-single-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: navidrome-music-single-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/navidrome/templates/persistent-volume.yaml b/clusters/cl01tl/helm/navidrome/templates/persistent-volume.yaml index e24247012..731881097 100644 --- a/clusters/cl01tl/helm/navidrome/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/navidrome/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: navidrome-music-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client @@ -30,8 +29,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: navidrome-music-youtube-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client 
@@ -55,8 +53,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: navidrome-music-grabber-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client @@ -80,8 +77,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: navidrome-music-single-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/node-feature-discovery/templates/_helpers.tpl b/clusters/cl01tl/helm/node-feature-discovery/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/node-feature-discovery/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/node-feature-discovery/templates/namespace.yaml b/clusters/cl01tl/helm/node-feature-discovery/templates/namespace.yaml index a8b00379e..aeb455db5 100644 --- a/clusters/cl01tl/helm/node-feature-discovery/templates/namespace.yaml +++ b/clusters/cl01tl/helm/node-feature-discovery/templates/namespace.yaml 
@@ -4,8 +4,7 @@ metadata: name: node-feature-discovery labels: app.kubernetes.io/name: node-feature-discovery - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/ntfy/templates/_helpers.tpl b/clusters/cl01tl/helm/ntfy/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/ntfy/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml b/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml index b043dd4eb..7de6f187d 100644 --- a/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ntfy-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/ollama/templates/_helpers.tpl b/clusters/cl01tl/helm/ollama/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/ollama/templates/_helpers.tpl 
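Review bot: In this Namespace's `labels:` map, the new `include "custom.labels"` now emits keys into the same map as the literal `pod-security.kubernetes.io/*: privileged` entries, and nothing in the template records that the admission labels must stay out of the shared helper. A one-line YAML comment above them would do it, e.g. `# pod-security.* labels are set per namespace here, never via custom.labels`. Keeping the Pod Security level literal in the Namespace manifest means a later edit to the shared helper is less likely to change what the namespace admits without appearing in this file's diff. The same comment fits the `namespace.yaml` hunks for openbao and qbittorrent later in this patch.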
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/ollama/templates/external-secret.yaml b/clusters/cl01tl/helm/ollama/templates/external-secret.yaml index 2f6cd8d43..be7ebdedf 100644 --- a/clusters/cl01tl/helm/ollama/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/ollama/templates/external-secret.yaml @@ -6,8 +6,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ollama-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -26,8 +25,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ollama-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/omni-tools/templates/_helpers.tpl b/clusters/cl01tl/helm/omni-tools/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/omni-tools/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/openbao/templates/_helpers.tpl b/clusters/cl01tl/helm/openbao/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null 
+++ b/clusters/cl01tl/helm/openbao/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/openbao/templates/external-secret.yaml b/clusters/cl01tl/helm/openbao/templates/external-secret.yaml index e0a72e2bd..61ab2546d 100644 --- a/clusters/cl01tl/helm/openbao/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/openbao/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-snapshot-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -37,8 +36,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-unseal-config-1 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -69,8 +67,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-unseal-config-2 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -101,8 +98,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-unseal-config-3 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
diff --git a/clusters/cl01tl/helm/openbao/templates/ingress.yaml b/clusters/cl01tl/helm/openbao/templates/ingress.yaml index d23c33b46..972fac71a 100644 --- a/clusters/cl01tl/helm/openbao/templates/ingress.yaml +++ b/clusters/cl01tl/helm/openbao/templates/ingress.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: openbao-tailscale - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} tailscale.com/proxy-class: no-metrics annotations: tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" diff --git a/clusters/cl01tl/helm/openbao/templates/namespace.yaml b/clusters/cl01tl/helm/openbao/templates/namespace.yaml index bdd9da5a4..748ee3072 100644 --- a/clusters/cl01tl/helm/openbao/templates/namespace.yaml +++ b/clusters/cl01tl/helm/openbao/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: openbao labels: app.kubernetes.io/name: openbao - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/outline/templates/_helpers.tpl b/clusters/cl01tl/helm/outline/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/outline/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} 
diff --git a/clusters/cl01tl/helm/outline/templates/external-secret.yaml b/clusters/cl01tl/helm/outline/templates/external-secret.yaml index f90e7d5fc..ea13a006d 100644 --- a/clusters/cl01tl/helm/outline/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/outline/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: outline-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -29,8 +28,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: outline-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/paperless-ngx/templates/_helpers.tpl b/clusters/cl01tl/helm/paperless-ngx/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/paperless-ngx/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml b/clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml index 206532e30..f7c3b9c20 100644 --- a/clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: paperless-ngx-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -33,8 +32,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: paperless-ngx-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/plex/templates/_helpers.tpl b/clusters/cl01tl/helm/plex/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/plex/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml index 61a5296c2..b64bcbe01 100644 --- a/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: plex-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: plex-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml b/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml index cdf01b15c..7597395f6 100644 
--- a/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: plex-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/postiz/templates/_helpers.tpl b/clusters/cl01tl/helm/postiz/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/postiz/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml b/clusters/cl01tl/helm/postiz/templates/external-secret.yaml index 00c889f8b..496d45f4c 100644 --- a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/postiz/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: postiz-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -25,8 +24,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: postiz-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
@@ -49,8 +47,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: postiz-elasticsearch-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -77,8 +74,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: postiz-valkey-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/postiz/templates/http-route.yaml b/clusters/cl01tl/helm/postiz/templates/http-route.yaml index aa86d6bac..f6d339bbe 100644 --- a/clusters/cl01tl/helm/postiz/templates/http-route.yaml +++ b/clusters/cl01tl/helm/postiz/templates/http-route.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: postiz-temporal-web - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: parentRefs: - group: gateway.networking.k8s.io diff --git a/clusters/cl01tl/helm/prowlarr/templates/_helpers.tpl b/clusters/cl01tl/helm/prowlarr/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/prowlarr/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml b/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml index f6822c768..58a28bba1 100644 
--- a/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: prowlarr-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/qbittorrent/templates/_helpers.tpl b/clusters/cl01tl/helm/qbittorrent/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/qbittorrent/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/qbittorrent/templates/config-map.yaml b/clusters/cl01tl/helm/qbittorrent/templates/config-map.yaml index 375402c02..8384453f2 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/config-map.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/config-map.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: glutun-update-script - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} data: update.sh: | API_ENDPOINT="http://localhost:8080/api/v2"; @@ -139,8 +138,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: qbit-manage-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} data: config.yml: | # Please refer to the link below for more details on how to set up the configuration file 
diff --git a/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml b/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml index a978f5319..b5b3e2bde 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: qbittorrent-wireguard-conf - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -37,8 +36,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: qbittorrent-qbit-manage-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -61,8 +59,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: qui-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/qbittorrent/templates/namespace.yaml b/clusters/cl01tl/helm/qbittorrent/templates/namespace.yaml index 37fd60393..97d505071 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/namespace.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: qbittorrent labels: app.kubernetes.io/name: qbittorrent - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged 
diff --git a/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml index 280f00282..e300de499 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: qbittorrent-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: qbittorrent-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml b/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml index ac0f75046..4354effca 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: qbittorrent-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} 
diff --git a/clusters/cl01tl/helm/radarr-4k/templates/middleware.yaml b/clusters/cl01tl/helm/radarr-4k/templates/middleware.yaml index 341764b57..701f30f52 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/middleware.yaml +++ b/clusters/cl01tl/helm/radarr-4k/templates/middleware.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: oidc-forward-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: forwardAuth: address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik diff --git a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml index b05e92529..b1a1250f5 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-4k-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: radarr-4k-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml index 435908330..07ded9aa5 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-4k-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr-4k/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/radarr-4k/templates/prometheus-rule.yaml index e3cab3d05..c9ce607b3 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/prometheus-rule.yaml +++ b/clusters/cl01tl/helm/radarr-4k/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-4k - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: radarr-4k diff --git a/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/radarr-anime/templates/middleware.yaml b/clusters/cl01tl/helm/radarr-anime/templates/middleware.yaml index 341764b57..701f30f52 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/middleware.yaml +++ b/clusters/cl01tl/helm/radarr-anime/templates/middleware.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: oidc-forward-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: forwardAuth: address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik diff --git a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml index 572bca509..463913336 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-anime-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: radarr-anime-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml index de760a1b9..4ff3d5b21 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-anime-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr-anime/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/radarr-anime/templates/prometheus-rule.yaml index 9134bf0c5..d68c6eeba 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/prometheus-rule.yaml 
+++ b/clusters/cl01tl/helm/radarr-anime/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-anime - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: radarr-anime diff --git a/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/radarr-standup/templates/middleware.yaml b/clusters/cl01tl/helm/radarr-standup/templates/middleware.yaml index 341764b57..701f30f52 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/middleware.yaml +++ b/clusters/cl01tl/helm/radarr-standup/templates/middleware.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: oidc-forward-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: forwardAuth: address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik diff --git a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml index 29ad7f688..6c61d9abc 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-standup-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: radarr-standup-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml index 63cdd5dea..2abc1a935 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-standup-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr-standup/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/radarr-standup/templates/prometheus-rule.yaml index 3e33b02c4..86b4ba302 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/prometheus-rule.yaml +++ b/clusters/cl01tl/helm/radarr-standup/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-standup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: radarr-standup diff --git a/clusters/cl01tl/helm/radarr/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/radarr/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/radarr/templates/middleware.yaml b/clusters/cl01tl/helm/radarr/templates/middleware.yaml index 341764b57..701f30f52 100644 --- a/clusters/cl01tl/helm/radarr/templates/middleware.yaml +++ b/clusters/cl01tl/helm/radarr/templates/middleware.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: oidc-forward-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: forwardAuth: address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik diff --git a/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml index 1c07245f8..e4702537e 100644 --- a/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: radarr-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml index 131d465cc..e11ad08ae 100644 --- a/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/radarr/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/radarr/templates/prometheus-rule.yaml index d5076ca9d..1454b8ec7 100644 --- a/clusters/cl01tl/helm/radarr/templates/prometheus-rule.yaml +++ b/clusters/cl01tl/helm/radarr/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: radarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: radarr diff --git a/clusters/cl01tl/helm/rclone/templates/_helpers.tpl b/clusters/cl01tl/helm/rclone/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/rclone/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml index f79997299..e6613280b 100644 --- a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-directus-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -41,8 +40,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-karakeep-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -77,8 +75,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-talos-backups-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -113,8 +110,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-web-assets-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -149,8 +145,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-postgres-backups-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -185,8 +180,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-ntfy-attachments-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
@@ -221,8 +215,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-openbao-backups-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -257,8 +250,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: external-openbao-backups-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/reloader/templates/_helpers.tpl b/clusters/cl01tl/helm/reloader/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/reloader/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/rook-ceph/templates/_helpers.tpl b/clusters/cl01tl/helm/rook-ceph/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/rook-ceph/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml b/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml index 846716636..82e9bf619 100644 --- a/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml 
+++ b/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: rook-ceph labels: app.kubernetes.io/name: rook-ceph - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/roundcube/templates/_helpers.tpl b/clusters/cl01tl/helm/roundcube/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/roundcube/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml index 4d287732c..89fdc892e 100644 --- a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: roundcube-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/rybbit/templates/_helpers.tpl b/clusters/cl01tl/helm/rybbit/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/rybbit/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml index b40f60b87..cda4cae82 100644 --- a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: rybbit-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/s3-exporter/templates/_helpers.tpl b/clusters/cl01tl/helm/s3-exporter/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/s3-exporter/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml b/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml index 34a377c54..8f8081e0d 100644 --- a/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: s3-do-home-infra-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -33,8 +32,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: s3-garage-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/searxng/templates/_helpers.tpl b/clusters/cl01tl/helm/searxng/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/searxng/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml b/clusters/cl01tl/helm/searxng/templates/external-secret.yaml index 2b7dd2c0c..468398105 100644 --- a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/searxng/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: searxng-browser-metrics-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
@@ -29,8 +28,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: searxng-api-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/secrets-store-csi-driver/templates/_helpers.tpl b/clusters/cl01tl/helm/secrets-store-csi-driver/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/secrets-store-csi-driver/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml b/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml index b5f85dbcb..05537d795 100644 --- a/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml +++ b/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: secrets-store-csi-driver labels: app.kubernetes.io/name: secrets-store-csi-driver - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/seerr/templates/_helpers.tpl b/clusters/cl01tl/helm/seerr/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/seerr/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl b/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml b/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml index 95f80d759..c9eb87bd2 100644 --- a/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: shelfmark-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml index 2c31a5189..00a8465a6 100644 --- a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: shelfmark-import-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: shelfmark-import-nfs-storage storageClassName: nfs-client @@ -24,8 +23,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: shelfmark-audiobooks-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: shelfmark-audiobooks-nfs-storage storageClassName: nfs-client @@ -43,8 +41,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: shelfmark-downloads-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: shelfmark-downloads-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml index 28fac1832..02b16ff44 100644 --- a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: shelfmark-import-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client 
@@ -30,8 +29,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: shelfmark-audiobooks-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client @@ -55,8 +53,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: shelfmark-downloads-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/shelly-plug/templates/_helpers.tpl b/clusters/cl01tl/helm/shelly-plug/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/shelly-plug/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml b/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml index cf2d8bcc1..c0ea53483 100644 --- a/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: shelly-plug-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
diff --git a/clusters/cl01tl/helm/site-documentation/templates/_helpers.tpl b/clusters/cl01tl/helm/site-documentation/templates/_helpers.tpl
new file mode 100644
index 000000000..10688fcef
--- /dev/null
+++ b/clusters/cl01tl/helm/site-documentation/templates/_helpers.tpl
@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
diff --git a/clusters/cl01tl/helm/site-profile/templates/_helpers.tpl b/clusters/cl01tl/helm/site-profile/templates/_helpers.tpl
new file mode 100644
index 000000000..10688fcef
--- /dev/null
+++ b/clusters/cl01tl/helm/site-profile/templates/_helpers.tpl
@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
diff --git a/clusters/cl01tl/helm/site-saralebens/templates/_helpers.tpl b/clusters/cl01tl/helm/site-saralebens/templates/_helpers.tpl
new file mode 100644
index 000000000..10688fcef
--- /dev/null
+++ b/clusters/cl01tl/helm/site-saralebens/templates/_helpers.tpl
@@ -0,0 +1,14 @@
+{{/*
+Common labels
+*/}}
+{{- define "custom.labels" -}}
+{{ include "custom.selectorLabels" $ }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "custom.selectorLabels" -}}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/part-of: {{ .Release.Name }}
+{{- end }}
diff --git a/clusters/cl01tl/helm/slskd/templates/_helpers.tpl b/clusters/cl01tl/helm/slskd/templates/_helpers.tpl
new file mode 100644
index 000000000..10688fcef
--- /dev/null
+++ b/clusters/cl01tl/helm/slskd/templates/_helpers.tpl
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml index 51a984b5b..0949bdfd1 100644 --- a/clusters/cl01tl/helm/slskd/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/slskd/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: airvpn-wireguard-conf - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -41,8 +40,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: protonvpn-wireguard-conf - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/slskd/templates/namespace.yaml b/clusters/cl01tl/helm/slskd/templates/namespace.yaml index 9793bc56d..be130061c 100644 --- a/clusters/cl01tl/helm/slskd/templates/namespace.yaml +++ b/clusters/cl01tl/helm/slskd/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: slskd labels: app.kubernetes.io/name: slskd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged 
diff --git a/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml index b44e26d30..cba12149a 100644 --- a/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: slskd-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: slskd-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml b/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml index 3e234f75a..5ad8d6a44 100644 --- a/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: slskd-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/slskd/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/slskd/templates/secret-provider-class.yaml index e37cf1e74..eaf25c068 100644 --- a/clusters/cl01tl/helm/slskd/templates/secret-provider-class.yaml +++ b/clusters/cl01tl/helm/slskd/templates/secret-provider-class.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: slskd-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: provider: openbao parameters: 
diff --git a/clusters/cl01tl/helm/slskd/values.yaml b/clusters/cl01tl/helm/slskd/values.yaml index ecaa2af4d..a005489e4 100644 --- a/clusters/cl01tl/helm/slskd/values.yaml +++ b/clusters/cl01tl/helm/slskd/values.yaml @@ -109,6 +109,9 @@ slskd: devic.es/tun: "1" requests: devic.es/tun: "1" + serviceAccount: + slskd: + enabled: true service: main: controller: main diff --git a/clusters/cl01tl/helm/snapshot-controller/templates/_helpers.tpl b/clusters/cl01tl/helm/snapshot-controller/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/snapshot-controller/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl b/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml index 341764b57..701f30f52 100644 --- a/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml +++ b/clusters/cl01tl/helm/sonarr-4k/templates/middleware.yaml 
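Review bot: The `serviceAccount:` block added in `slskd/values.yaml` enables a dedicated service account named `slskd`, but the hunk neither says why nor shows the workload referencing it. The same chart carries a SecretProviderClass with `provider: openbao`, so this is presumably the identity the CSI provider authenticates with. If so, a comment above the block such as `# identity bound to the OpenBao Kubernetes auth role used by slskd-config-secret` would record the intent, and the OpenBao role should be bound to this service account name and namespace only. The chart's namespace template keeps `pod-security.kubernetes.io/enforce: privileged`, so it is worth confirming the account gets no RBAC beyond what the secret mount needs. The enclosing values block starts and ends outside the hunk.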
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: oidc-forward-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: forwardAuth: address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml index 388857422..f83ff9214 100644 --- a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr-4k-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: sonarr-4k-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml index 8049c36c9..c7ddc3c18 100644 --- a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr-4k-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/prometheus-rule.yaml index 407d04562..81d08656f 100644 --- a/clusters/cl01tl/helm/sonarr-4k/templates/prometheus-rule.yaml 
+++ b/clusters/cl01tl/helm/sonarr-4k/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr-4k - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: sonarr-4k diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl b/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/middleware.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/middleware.yaml index 341764b57..701f30f52 100644 --- a/clusters/cl01tl/helm/sonarr-anime/templates/middleware.yaml +++ b/clusters/cl01tl/helm/sonarr-anime/templates/middleware.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: oidc-forward-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: forwardAuth: address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml index e0e63952a..531b38f11 100644 --- a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr-anime-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: sonarr-anime-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml index 3ee8f4c63..50aa05f46 100644 --- a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr-anime-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/prometheus-rule.yaml index dbcc8e998..83ba1d530 100644 --- a/clusters/cl01tl/helm/sonarr-anime/templates/prometheus-rule.yaml +++ b/clusters/cl01tl/helm/sonarr-anime/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr-anime - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: sonarr-anime diff --git a/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl b/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/sonarr/templates/middleware.yaml b/clusters/cl01tl/helm/sonarr/templates/middleware.yaml index 341764b57..701f30f52 100644 --- a/clusters/cl01tl/helm/sonarr/templates/middleware.yaml +++ b/clusters/cl01tl/helm/sonarr/templates/middleware.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: oidc-forward-auth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: forwardAuth: address: http://ak-outpost-traefik-proxy-auth.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/traefik diff --git a/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml index 72cf49562..cae209ff6 100644 --- a/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: sonarr-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml index a23f24017..a63d6c47e 100644 --- a/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/sonarr/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/sonarr/templates/prometheus-rule.yaml index 5459fd7c3..593b3b3b1 100644 --- a/clusters/cl01tl/helm/sonarr/templates/prometheus-rule.yaml +++ b/clusters/cl01tl/helm/sonarr/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sonarr - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: sonarr diff --git a/clusters/cl01tl/helm/sparkyfitness/templates/_helpers.tpl b/clusters/cl01tl/helm/sparkyfitness/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/sparkyfitness/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml b/clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml index c7521caf8..2bb5cdc61 100644 --- a/clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sparkyfitness-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -29,8 +28,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: sparkyfitness-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/speedtest-exporter/templates/_helpers.tpl b/clusters/cl01tl/helm/speedtest-exporter/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/speedtest-exporter/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/stack/templates/_helpers.tpl b/clusters/cl01tl/helm/stack/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/stack/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/stalwart/templates/_helpers.tpl b/clusters/cl01tl/helm/stalwart/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/stalwart/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml index 7d27bfe86..672c3369a 100644 --- a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml +++ b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: elasticsearch-stalwart - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: # renovate: datasource=docker depName=elasticsearch version: 9.3.3 diff --git a/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml b/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml index 5f2bf011c..31cfd9583 100644 --- a/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: stalwart-elasticsearch-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/stalwart/templates/namespace.yaml b/clusters/cl01tl/helm/stalwart/templates/namespace.yaml index 884be40ab..c573f079f 100644 --- a/clusters/cl01tl/helm/stalwart/templates/namespace.yaml +++ b/clusters/cl01tl/helm/stalwart/templates/namespace.yaml 
@@ -4,8 +4,7 @@ metadata: name: stalwart labels: app.kubernetes.io/name: stalwart - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/_helpers.tpl b/clusters/cl01tl/helm/tailscale-operator/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/tailscale-operator/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/connector.yaml b/clusters/cl01tl/helm/tailscale-operator/templates/connector.yaml index 348f98d0c..6d6b61517 100644 --- a/clusters/cl01tl/helm/tailscale-operator/templates/connector.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/templates/connector.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: subnet-router-local - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: hostname: subnet-router-local-cl01tl proxyClass: default diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/dns-config.yaml b/clusters/cl01tl/helm/tailscale-operator/templates/dns-config.yaml index f1da7d6d6..ce9599eee 100644 --- a/clusters/cl01tl/helm/tailscale-operator/templates/dns-config.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/templates/dns-config.yaml 
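Review bot: The stalwart Namespace keeps `pod-security.kubernetes.io/enforce`, `audit` and `warn` all at `privileged` directly below the new include, which leaves Pod Security admission with neither restriction nor reporting for this namespace. Whether the workload needs privileged pods cannot be seen from this hunk. If it does, `pod-security.kubernetes.io/audit: restricted` and `pod-security.kubernetes.io/warn: restricted` would still surface violations without blocking anything, and `enforce` could later move to `baseline`. The namespace.yaml hunks for tailscale-operator, traefik and tubearchivist carry the same three labels. A short comment above them naming what requires `privileged` would document the exception.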
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ts-dns - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: nameserver: image: diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml b/clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml index 67c070a66..18539044b 100644 --- a/clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: operator-oauth - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml b/clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml index f5b21a61a..166afd7cc 100644 --- a/clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: tailscale-operator labels: app.kubernetes.io/name: tailscale-operator - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/proxy-class.yaml b/clusters/cl01tl/helm/tailscale-operator/templates/proxy-class.yaml index 8cd14c059..7827c0e5a 100644 --- a/clusters/cl01tl/helm/tailscale-operator/templates/proxy-class.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/templates/proxy-class.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: default - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: metrics: enable: true @@ -31,8 +30,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: no-metrics - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: metrics: enable: false diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/service.yaml b/clusters/cl01tl/helm/tailscale-operator/templates/service.yaml index ca9ee7765..8a9009268 100644 --- a/clusters/cl01tl/helm/tailscale-operator/templates/service.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/templates/service.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: tailscale.com/tailnet-fqdn: garage-ps10rp.boreal-beaufort.ts.net spec: @@ -21,8 +20,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: garage-ui-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: tailscale.com/tailnet-fqdn: garage-ui-ps10rp.boreal-beaufort.ts.net spec: @@ -37,8 +35,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: gitea-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: tailscale.com/tailnet-fqdn: gitea-ps10rp.boreal-beaufort.ts.net spec: 
@@ -53,8 +50,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: home-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: tailscale.com/tailnet-fqdn: home-ps10rp.boreal-beaufort.ts.net spec: @@ -69,8 +65,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: komodo-periphery-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: tailscale.com/tailnet-fqdn: komodo-periphery-ps10rp.boreal-beaufort.ts.net spec: @@ -85,8 +80,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: node-ps10rp - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: tailscale.com/tailnet-fqdn: node-exporter-ps10rp.boreal-beaufort.ts.net spec: @@ -101,8 +95,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: ollama-pd05wd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: tailscale.com/tailnet-fqdn: ollama-pd05wd.boreal-beaufort.ts.net spec: @@ -117,8 +110,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: stable-diffusion-pd05wd - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: tailscale.com/tailnet-fqdn: stable-diffusion-pd05wd.boreal-beaufort.ts.net spec: diff --git a/clusters/cl01tl/helm/talos/templates/_helpers.tpl b/clusters/cl01tl/helm/talos/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/talos/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/talos/templates/config.yaml b/clusters/cl01tl/helm/talos/templates/config.yaml index 8a6168289..53b71833f 100644 --- a/clusters/cl01tl/helm/talos/templates/config.yaml +++ b/clusters/cl01tl/helm/talos/templates/config.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: talos-prune-script - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} data: prune.sh: | DATE_RANGE=$(date -d @$(( $(date +%s) - $DATE_RANGE_SECONDS )) +%Y-%m-%dT%H:%M:%SZ); diff --git a/clusters/cl01tl/helm/talos/templates/external-secret.yaml b/clusters/cl01tl/helm/talos/templates/external-secret.yaml index b625b664c..aff367831 100644 --- a/clusters/cl01tl/helm/talos/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/talos/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: talos-etcd-backup-local-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -41,8 +40,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: talos-etcd-backup-remote-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
@@ -77,8 +75,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: talos-etcd-backup-external-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -113,8 +110,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: talos-backup-ntfy-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -141,8 +137,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: talos-etcd-defrag-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/talos/templates/secret.yaml b/clusters/cl01tl/helm/talos/templates/secret.yaml index b54ee3464..8c1b72257 100644 --- a/clusters/cl01tl/helm/talos/templates/secret.yaml +++ b/clusters/cl01tl/helm/talos/templates/secret.yaml @@ -5,7 +5,6 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: talos-backup-secrets - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} annotations: kubernetes.io/service-account.name: talos-backup-secrets diff --git a/clusters/cl01tl/helm/talos/templates/service-account.yaml b/clusters/cl01tl/helm/talos/templates/service-account.yaml index 60e9a89ed..605a45acd 100644 --- a/clusters/cl01tl/helm/talos/templates/service-account.yaml +++ b/clusters/cl01tl/helm/talos/templates/service-account.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: talos-backup-secrets - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: roles: - os:etcd:backup diff --git a/clusters/cl01tl/helm/tdarr/templates/_helpers.tpl b/clusters/cl01tl/helm/tdarr/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/tdarr/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml index f86557f72..4b76fae0b 100644 --- a/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: tdarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: tdarr-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml index c3da6a310..7417aefd8 100644 --- a/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: tdarr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/traefik/templates/_helpers.tpl b/clusters/cl01tl/helm/traefik/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/traefik/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/traefik/templates/namespace.yaml b/clusters/cl01tl/helm/traefik/templates/namespace.yaml index 99f864e62..a053774e0 100644 --- a/clusters/cl01tl/helm/traefik/templates/namespace.yaml +++ b/clusters/cl01tl/helm/traefik/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: traefik labels: app.kubernetes.io/name: traefik - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/tubearchivist/templates/_helpers.tpl b/clusters/cl01tl/helm/tubearchivist/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/tubearchivist/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml b/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml index 539c94283..1836d11ba 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: elasticsearch-tubearchivist - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: # renovate: datasource=docker depName=elasticsearch version: 9.3.3 diff --git a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml index 743df7e10..a1ff4fb23 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: tubearchivist-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -29,8 +28,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: tubearchivist-elasticsearch-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
@@ -57,8 +55,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: tubearchivist-wireguard-conf - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml b/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml index 0f2687e94..d5f39b622 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml @@ -4,8 +4,7 @@ metadata: name: tubearchivist labels: app.kubernetes.io/name: tubearchivist - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml index 6c8dcc160..831e2ac58 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: tubearchivist-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: tubearchivist-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml index 62bab667a..c0946d4ed 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml 
+++ b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: tubearchivist-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/unpackerr/templates/_helpers.tpl b/clusters/cl01tl/helm/unpackerr/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/unpackerr/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml b/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml index 81e691f28..16d085afd 100644 --- a/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: unpackerr-key-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/unpackerr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/unpackerr/templates/persistent-volume-claim.yaml index 8d6232ee0..5fb701984 100644 --- a/clusters/cl01tl/helm/unpackerr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/unpackerr/templates/persistent-volume-claim.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: unpackerr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: unpackerr-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/unpackerr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/unpackerr/templates/persistent-volume.yaml index d49f8056e..d633dedd7 100644 --- a/clusters/cl01tl/helm/unpackerr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/unpackerr/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: unpackerr-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/unpoller/templates/_helpers.tpl b/clusters/cl01tl/helm/unpoller/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/unpoller/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml b/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml index 9e355be95..5eb1bb4b2 100644 --- a/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: unpoller-unifi-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/vault/templates/_helpers.tpl b/clusters/cl01tl/helm/vault/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/vault/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/vault/templates/config-map.yaml b/clusters/cl01tl/helm/vault/templates/config-map.yaml index 235d1d5ad..3db525447 100644 --- a/clusters/cl01tl/helm/vault/templates/config-map.yaml +++ b/clusters/cl01tl/helm/vault/templates/config-map.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-snapshot-script - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} data: snapshot.sh: | DATE=$(date +"%Y%m%d-%H-%M") @@ -72,8 +71,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-backup-script - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} data: backup.sh: | echo " "; diff --git a/clusters/cl01tl/helm/vault/templates/external-secret.yaml b/clusters/cl01tl/helm/vault/templates/external-secret.yaml index 02eca8ca1..1f6df90eb 100644 --- a/clusters/cl01tl/helm/vault/templates/external-secret.yaml 
+++ b/clusters/cl01tl/helm/vault/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-snapshot-agent-token - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -29,8 +28,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-s3cmd-local-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -53,8 +51,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-s3cmd-remote-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -77,8 +74,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-s3cmd-external-config - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -101,8 +97,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-backup-ntfy-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -129,8 +124,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-unseal-config-1 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore 
@@ -161,8 +155,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-unseal-config-2 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -193,8 +186,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-unseal-config-3 - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -225,8 +217,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-token - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/vault/templates/http-route.yaml b/clusters/cl01tl/helm/vault/templates/http-route.yaml index 8d64a8846..f849fc6ae 100644 --- a/clusters/cl01tl/helm/vault/templates/http-route.yaml +++ b/clusters/cl01tl/helm/vault/templates/http-route.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: parentRefs: - group: gateway.networking.k8s.io diff --git a/clusters/cl01tl/helm/vault/templates/ingress.yaml b/clusters/cl01tl/helm/vault/templates/ingress.yaml index 878705702..213450d0d 100644 --- a/clusters/cl01tl/helm/vault/templates/ingress.yaml +++ b/clusters/cl01tl/helm/vault/templates/ingress.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-tailscale - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} tailscale.com/proxy-class: no-metrics annotations: tailscale.com/experimental-forward-cluster-traffic-via-ingress: "true" diff --git a/clusters/cl01tl/helm/vault/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/vault/templates/persistent-volume-claim.yaml index d5791f361..50c9e48e8 100644 --- a/clusters/cl01tl/helm/vault/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/vault/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vault-storage-backup - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeMode: Filesystem storageClassName: ceph-filesystem diff --git a/clusters/cl01tl/helm/vaultwarden/templates/_helpers.tpl b/clusters/cl01tl/helm/vaultwarden/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/vaultwarden/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml index 958e974b4..669c08ca3 100644 --- a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml 
@@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: vaultwarden-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/version-checker/templates/_helpers.tpl b/clusters/cl01tl/helm/version-checker/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/version-checker/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml b/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml index 7fd6f7ce0..0fb56f4ea 100644 --- a/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml +++ b/clusters/cl01tl/helm/version-checker/templates/service-monitor.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: version-checker - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: selector: matchLabels: diff --git a/clusters/cl01tl/helm/volsync/templates/_helpers.tpl b/clusters/cl01tl/helm/volsync/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/volsync/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/volsync/templates/prometheus-rule.yaml b/clusters/cl01tl/helm/volsync/templates/prometheus-rule.yaml index e19ac6b2c..2619b8f68 100644 --- a/clusters/cl01tl/helm/volsync/templates/prometheus-rule.yaml +++ b/clusters/cl01tl/helm/volsync/templates/prometheus-rule.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: volsync - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: groups: - name: volsync.rules diff --git a/clusters/cl01tl/helm/volsync/templates/service-monitor.yaml b/clusters/cl01tl/helm/volsync/templates/service-monitor.yaml index c78d5ef3e..9a0058cee 100644 --- a/clusters/cl01tl/helm/volsync/templates/service-monitor.yaml +++ b/clusters/cl01tl/helm/volsync/templates/service-monitor.yaml @@ -5,8 +5,7 @@ metadata: labels: control-plane: volsync-controller app.kubernetes.io/name: volsync - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: endpoints: - interval: 30s diff --git a/clusters/cl01tl/helm/whodb/templates/_helpers.tpl b/clusters/cl01tl/helm/whodb/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/whodb/templates/_helpers.tpl 
@@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/yamtrack/templates/_helpers.tpl b/clusters/cl01tl/helm/yamtrack/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null +++ b/clusters/cl01tl/helm/yamtrack/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml index 1f6f5ebb7..8df459d64 100644 --- a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: yamtrack-config-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore @@ -25,8 +24,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: yamtrack-oidc-secret - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore diff --git a/clusters/cl01tl/helm/yubal/templates/_helpers.tpl b/clusters/cl01tl/helm/yubal/templates/_helpers.tpl new file mode 100644 index 000000000..10688fcef --- /dev/null 
+++ b/clusters/cl01tl/helm/yubal/templates/_helpers.tpl @@ -0,0 +1,14 @@ +{{/* +Common labels +*/}} +{{- define "custom.labels" -}} +{{ include "custom.selectorLabels" $ }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "custom.selectorLabels" -}} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/part-of: {{ .Release.Name }} +{{- end }} diff --git a/clusters/cl01tl/helm/yubal/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/yubal/templates/persistent-volume-claim.yaml index ddedfb48a..99327471b 100644 --- a/clusters/cl01tl/helm/yubal/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/yubal/templates/persistent-volume-claim.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: yubal-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: volumeName: yubal-nfs-storage storageClassName: nfs-client diff --git a/clusters/cl01tl/helm/yubal/templates/persistent-volume.yaml b/clusters/cl01tl/helm/yubal/templates/persistent-volume.yaml index 8426d7768..b9b5d0930 100644 --- a/clusters/cl01tl/helm/yubal/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/yubal/templates/persistent-volume.yaml @@ -5,8 +5,7 @@ metadata: namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: yubal-nfs-storage - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/part-of: {{ .Release.Name }} + {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain storageClassName: nfs-client -- 2.49.1 From 1d8c2c94ffff66fdf6c376654684515f4b6e235e Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Tue, 21 Apr 2026 21:13:37 -0500 Subject: [PATCH 02/12] feat: add more --- clusters/cl01tl/helm/harbor/values.yaml | 8 +- .../karakeep/templates/external-secret.yaml | 87 ++++++++++++------- clusters/cl01tl/helm/karakeep/values.yaml | 24 +++-- .../cl01tl/helm/kiwix/templates/_helpers.tpl | 7 ++ .../templates/persistent-volume-claim.yaml | 6 +- .../kiwix/templates/persistent-volume.yaml | 4 +- .../komodo/templates/external-secret.yaml | 33 +++++-- clusters/cl01tl/helm/komodo/values.yaml | 8 +- 8 files changed, 114 insertions(+), 63 deletions(-) diff --git a/clusters/cl01tl/helm/harbor/values.yaml b/clusters/cl01tl/helm/harbor/values.yaml index 3179f922a..210985f6d 100644 --- a/clusters/cl01tl/helm/harbor/values.yaml +++ b/clusters/cl01tl/helm/harbor/values.yaml @@ -5,10 +5,10 @@ harbor: enabled: false route: parentRefs: - group: gateway.networking.k8s.io - kind: Gateway - name: traefik-gateway - namespace: traefik + - group: gateway.networking.k8s.io + kind: Gateway + name: traefik-gateway + namespace: traefik hosts: - harbor.alexlebens.net externalURL: https://harbor.alexlebens.net diff --git a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml index a809456c8..5c3a49b0a 100644 --- a/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/karakeep/templates/external-secret.yaml 
@@ -1,7 +1,26 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: karakeep-key-secret + name: karakeep-key + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: karakeep-key + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: key + remoteRef: + key: /cl01tl/karakeep/key + property: key + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: karakeep-metric-token namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: karakeep-key-secret 
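Review bot: The `karakeep-metric-token` ExternalSecret added at the end of this hunk keeps the unchanged label `app.kubernetes.io/name: karakeep-key-secret`, which matches no resource name once the first secret is renamed to `karakeep-key`. The label line is context here, so it needs its own change: `app.kubernetes.io/name: karakeep-metric-token`. Anyone selecting or auditing secrets by label would otherwise attribute the metrics token to a resource that no longer exists.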
@@ -9,38 +28,53 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - - secretKey: key - remoteRef: - key: /cl01tl/karakeep/key - property: key - secretKey: prometheus-token remoteRef: - key: /cl01tl/karakeep/key - property: prometheus-token + key: /cl01tl/karakeep/metrics + property: token --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: karakeep-oidc-secret + name: karakeep-meilisearch-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: karakeep-oidc-secret + app.kubernetes.io/name: karakeep-meilisearch-key {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao + data: + - secretKey: MEILI_MASTER_KEY + remoteRef: + key: /cl01tl/karakeep/meilisearch + property: master-key + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: karakeep-oidc-authentik + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: karakeep-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao data: - secretKey: AUTHENTIK_CLIENT_ID remoteRef: - key: /authentik/oidc/karakeep + key: /cl01tl/authentik/oidc/karakeep property: client - secretKey: AUTHENTIK_CLIENT_SECRET remoteRef: - key: /authentik/oidc/karakeep + key: /cl01tl/authentik/oidc/karakeep property: secret --- @@ -55,7 +89,7 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ACCESS_KEY_ID remoteRef: 
@@ -69,22 +103,11 @@ spec: remoteRef: key: /garage/home-infra/karakeep-assets property: ACCESS_REGION - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: karakeep-meilisearch-master-key-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: karakeep-meilisearch-master-key-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: MEILI_MASTER_KEY + - secretKey: BUCKET remoteRef: - key: /cl01tl/karakeep/meilisearch - property: MEILI_MASTER_KEY + key: /garage/home-infra/karakeep-assets + property: BUCKET + - secretKey: ENDPOINT + remoteRef: + key: /garage/config + property: ENDPOINT_LOCAL diff --git a/clusters/cl01tl/helm/karakeep/values.yaml b/clusters/cl01tl/helm/karakeep/values.yaml index 12d3e2461..c8469b515 100644 --- a/clusters/cl01tl/helm/karakeep/values.yaml +++ b/clusters/cl01tl/helm/karakeep/values.yaml @@ -19,22 +19,28 @@ karakeep: - name: NEXTAUTH_SECRET valueFrom: secretKeyRef: - name: karakeep-key-secret + name: karakeep-key key: key - name: PROMETHEUS_AUTH_TOKEN valueFrom: secretKeyRef: - name: karakeep-key-secret + name: karakeep-metric-token key: prometheus-token - name: ASSET_STORE_S3_ENDPOINT - value: http://garage-main.garage:3900 + valueFrom: + secretKeyRef: + name: karakeep-bucket-garage + key: ENDPOINT - name: ASSET_STORE_S3_REGION valueFrom: secretKeyRef: name: karakeep-bucket-garage key: ACCESS_REGION - name: ASSET_STORE_S3_BUCKET - value: karakeep-assets + valueFrom: + secretKeyRef: + name: karakeep-bucket-garage + key: BUCKET - name: ASSET_STORE_S3_ACCESS_KEY_ID valueFrom: secretKeyRef: @@ -52,7 +58,7 @@ karakeep: - name: MEILI_MASTER_KEY valueFrom: secretKeyRef: - name: karakeep-meilisearch-master-key-secret + name: karakeep-meilisearch-key key: MEILI_MASTER_KEY - name: BROWSER_WEB_URL value: http://karakeep.karakeep:9222 
@@ -67,12 +73,12 @@ karakeep: - name: OAUTH_CLIENT_ID valueFrom: secretKeyRef: - name: karakeep-oidc-secret + name: karakeep-oidc-authentik key: AUTHENTIK_CLIENT_ID - name: OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: karakeep-oidc-secret + name: karakeep-oidc-authentik key: AUTHENTIK_CLIENT_SECRET - name: OLLAMA_BASE_URL value: http://ollama-server-3.ollama:11434 @@ -126,7 +132,7 @@ karakeep: authorization: credentials: key: prometheus-token - name: karakeep-key-secret + name: karakeep-metric-token persistence: data: forceRename: karakeep @@ -144,7 +150,7 @@ meilisearch: MEILI_ENV: production MEILI_EXPERIMENTAL_DUMPLESS_UPGRADE: true auth: - existingMasterKeySecret: karakeep-meilisearch-master-key-secret + existingMasterKeySecret: karakeep-meilisearch-key persistence: enabled: true storageClass: ceph-block diff --git a/clusters/cl01tl/helm/kiwix/templates/_helpers.tpl b/clusters/cl01tl/helm/kiwix/templates/_helpers.tpl index 10688fcef..a2ec9030d 100644 --- a/clusters/cl01tl/helm/kiwix/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/kiwix/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +kiwix-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml index 9345de883..7652a28b7 100644 --- a/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/kiwix/templates/persistent-volume-claim.yaml 
@@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: kiwix-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: kiwix-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: kiwix-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml b/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml index 9e50301a4..787527cad 100644 --- a/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/kiwix/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: kiwix-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: kiwix-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/komodo/templates/external-secret.yaml b/clusters/cl01tl/helm/komodo/templates/external-secret.yaml index 32572bab6..741cbbb2d 100644 --- a/clusters/cl01tl/helm/komodo/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/komodo/templates/external-secret.yaml 
@@ -9,27 +9,42 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: passkey remoteRef: - key: /cl01tl/komodo/config + key: /cl01tl/komodo/key property: passkey - secretKey: jwt remoteRef: - key: /cl01tl/komodo/config + key: /cl01tl/komodo/key property: jwt - secretKey: webhook remoteRef: - key: /cl01tl/komodo/config + key: /cl01tl/komodo/key property: webhook - - secretKey: oidc-client-id + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: komodo-oidc-authentik + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: komodo-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: client remoteRef: - key: /authentik/oidc/komodo + key: /cl01tl/authentik/oidc/komodo property: client - - secretKey: oidc-client-secret + - secretKey: secret remoteRef: - key: /authentik/oidc/komodo + key: /cl01tl/authentik/oidc/komodo property: secret --- @@ -44,7 +59,7 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: uri remoteRef: diff --git a/clusters/cl01tl/helm/komodo/values.yaml b/clusters/cl01tl/helm/komodo/values.yaml index 43ed6f992..a7f39e843 100644 --- a/clusters/cl01tl/helm/komodo/values.yaml +++ b/clusters/cl01tl/helm/komodo/values.yaml @@ -68,13 +68,13 @@ komodo: - name: KOMODO_OIDC_CLIENT_ID valueFrom: secretKeyRef: - name: komodo-secret - key: oidc-client-id + name: komodo-oidc-authentik + key: client - name: KOMODO_OIDC_CLIENT_SECRET valueFrom: secretKeyRef: - name: komodo-secret - key: oidc-client-secret + name: komodo-oidc-authentik + key: secret - name: KOMODO_OIDC_USE_FULL_EMAIL value: true resources: -- 2.49.1 From 1c7926f18750394ecd367c64f6e43373c7f430b9 Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Wed, 22 Apr 2026 15:50:19 -0500 Subject: [PATCH 03/12] feat: add prom --- .../templates/external-secret.yaml | 43 +++++-------------- .../templates/namespace.yaml | 4 +- .../templates/scrape-config.yaml | 2 +- .../templates/secret-provider-class.yaml | 18 ++++++++ .../helm/kube-prometheus-stack/values.yaml | 19 ++++++-- 5 files changed, 46 insertions(+), 40 deletions(-) create mode 100644 clusters/cl01tl/helm/kube-prometheus-stack/templates/secret-provider-class.yaml diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml index f5fe5f7ec..8530381a4 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/external-secret.yaml 
@@ -1,59 +1,36 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: alertmanager-config-secret + name: alertmanager-ntfy-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: alertmanager-config-secret + app.kubernetes.io/name: alertmanager-ntfy-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ntfy_password remoteRef: - key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager - property: ntfy_password + key: / cl01tl/ntfy/users/cl01tl + property: password --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: garage-metric-secret + name: garage-metric-token namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: garage-metric-secret + app.kubernetes.io/name: garage-metric-token {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: token remoteRef: - key: /garage/token - property: metric - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: ntfy-alertmanager-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: ntfy-alertmanager-config-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: ntfy_password - remoteRef: - key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager - property: ntfy_password - - secretKey: config - remoteRef: - key: /cl01tl/kube-prometheus-stack/ntfy-alertmanager - property: config + key: /ps10rp/garage/config + property: metrics-token diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml index d11082f59..bbbe36926 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml 
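Review bot: The new remote reference `key: / cl01tl/ntfy/users/cl01tl` in the `alertmanager-ntfy-config` ExternalSecret has a space after the leading slash, unlike every other path in this patch series. If that is a typo, the lookup against the `openbao` store will presumably fail and the secret listed under `alertmanagerSpec.secrets` will not be created, leaving Alertmanager without its ntfy password. The line should likely read `key: /cl01tl/ntfy/users/cl01tl`. Confirm after deploy that the ExternalSecret reports a synced status.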
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: kube-prometheus-stack + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: kube-prometheus-stack + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml index 61b597302..744bd251e 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml +++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/scrape-config.yaml @@ -74,4 +74,4 @@ spec: type: Bearer credentials: key: token - name: garage-metric-secret + name: garage-metric-token diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/templates/secret-provider-class.yaml new file mode 100644 index 000000000..a2ddb1ce2 --- /dev/null +++ b/clusters/cl01tl/helm/kube-prometheus-stack/templates/secret-provider-class.yaml @@ -0,0 +1,18 @@ +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: ntfy-alertmanager-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: ntfy-alertmanager-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: ntfy-alertmanager + objects: | + - objectName: config + fileName: config + secretPath: secret/data/cl01tl/kube-prometheus-stack/ntfy-alertmanager + secretKey: config diff --git a/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml b/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml index cdb335750..f34a9f287 100644 --- a/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml 
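Review bot: `baoAddress: "http://openbao-internal.openbao:8200"` in the new secret-provider-class.yaml points the CSI provider at OpenBao over plaintext HTTP. The credential it presents for role `ntfy-alertmanager` (presumably the pod's service-account token) and the returned `config` value would then cross the pod network unencrypted. If the internal listener serves TLS, use the `https://` address and configure the provider's CA trust. If the listener is deliberately plaintext, add a template comment saying so and restrict access to port 8200 with a NetworkPolicy, so the assumption is explicit and enforced.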
+++ b/clusters/cl01tl/helm/kube-prometheus-stack/values.yaml @@ -43,7 +43,7 @@ kube-prometheus-stack: namespace: traefik alertmanagerSpec: secrets: - - alertmanager-config-secret + - alertmanager-ntfy-config grafana: enabled: false kubeApiServer: @@ -120,11 +120,18 @@ ntfy-alertmanager: main: type: deployment replicas: 1 + strategy: Recreate + serviceAccount: + name: ntfy-alertmanager containers: main: image: repository: xenrox/ntfy-alertmanager tag: 1.0.0@sha256:81788c7905774b7b0b2ed6833b2bc4826a90a42e4b738706edcedd5f489e7a73 + serviceAccount: + ntfy-alertmanager: + enabled: true + staticToken: true service: main: controller: main @@ -134,9 +141,13 @@ ntfy-alertmanager: targetPort: 8080 persistence: config: - enabled: true - type: secret - name: ntfy-alertmanager-config-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: ntfy-alertmanager-config advancedMounts: main: main: -- 2.49.1 From 2711aa178205b6669f55ed5a23c4b99d23806d42 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 22 Apr 2026 15:55:48 -0500 Subject: [PATCH 04/12] feat: add kubelet-cerT --- .../templates/_helpers.tpl | 10 ++++++++++ .../templates/cluster-role-binding.yaml | 2 +- .../templates/cluster-role.yaml | 8 ++++---- .../templates/namespace.yaml | 10 +++++----- .../templates/role-binding.yaml | 6 +++--- 5 files changed, 23 insertions(+), 13 deletions(-) diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl index 10688fcef..14b244779 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/_helpers.tpl 
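Review bot: `staticToken: true` on the new `ntfy-alertmanager` service account (hunk `@@ -120,11 +120,18 @@`) appears to request a long-lived token Secret, if this is the app-template option of that name. Such a token does not expire and can be replayed against the OpenBao role of the same name by anyone who can read Secrets in the namespace. The secrets-store CSI mount added in the next hunk normally authenticates with a short-lived token tied to the pod, so the static one is probably unnecessary. Drop the line, or set `staticToken: false`, unless something else consumes that Secret.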
@@ -12,3 +12,13 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +ClusterRole names +*/}} +{{- define "custom.certificatesName" -}} +"certificates-{{ .Release.Name }}" +{{- end -}} +{{- define "custom.eventsName" -}} +"events-{{ .Release.Name }}" +{{- end -}} diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml index 74c65abd8..8f36dc0a1 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role-binding.yaml @@ -9,7 +9,7 @@ metadata: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: "certificates-{{ .Release.Name }}" + name: {{ include "custom.certificatesName" . }} subjects: - kind: ServiceAccount name: kubelet-serving-cert-approver diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml index 8830b6c6b..e1bd156c1 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/cluster-role.yaml @@ -1,10 +1,10 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: "certificates-{{ .Release.Name }}" + name: {{ include "custom.certificatesName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: "certificates-{{ .Release.Name }}" + app.kubernetes.io/name: {{ include "custom.certificatesName" . }} {{- include "custom.labels" . | nindent 4 }} rules: - apiGroups: 
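Review bot: The new helpers `custom.certificatesName` and `custom.eventsName` return the name with the double quotes baked in, whereas `custom.storageNfsName` in the kiwix chart from patch 02 returns a bare value. A helper that emits quotes breaks as soon as it is used inside a longer string or passed through `quote`. Define the body as `certificates-{{ .Release.Name }}` and quote at the call sites: `name: {{ include "custom.certificatesName" . | quote }}`. A one-line comment above each define, naming the ClusterRole it labels, would replace the shared "ClusterRole names" header.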
@@ -40,10 +40,10 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - name: "events-{{ .Release.Name }}" + name: {{ include "custom.eventsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: "events-{{ .Release.Name }}" + app.kubernetes.io/name: {{ include "custom.eventsName" . }} {{- include "custom.labels" . | nindent 4 }} rules: - apiGroups: diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml index 2d4653698..bbbe36926 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/namespace.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: Namespace metadata: - name: kubelet-serving-cert-approver + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: kubelet-serving-cert-approver + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} - pod-security.kubernetes.io/audit: restricted - pod-security.kubernetes.io/enforce: restricted - pod-security.kubernetes.io/warn: restricted + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged diff --git a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml index afdc6c55b..14f977224 100644 --- a/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml +++ b/clusters/cl01tl/helm/kubelet-serving-cert-approver/templates/role-binding.yaml 
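Review bot: The namespace.yaml hunk for kubelet-serving-cert-approver changes all three Pod Security labels from `restricted` to `privileged`, which removes Pod Security admission restrictions from the namespace whose service account is bound to the `certificates-…` ClusterRole. Neither the commit subject nor the hunk gives a reason, and the new blob id (bbbe36926) is the same one local-path-provisioner and loki receive in PATCH 05, so this may be a side effect of copying a shared template rather than a deliberate decision. If the approver runs under the restricted profile today, keep `pod-security.kubernetes.io/enforce: restricted` and the matching `audit`/`warn` lines. Otherwise add a comment stating which pod setting requires the relaxation.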
@@ -1,15 +1,15 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: "events-{{ .Release.Name }}" + name: {{ include "custom.eventsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: "events-{{ .Release.Name }}" + app.kubernetes.io/name: {{ include "custom.eventsName" . }} {{- include "custom.labels" . | nindent 4 }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: "events-{{ .Release.Name }}" + name: {{ include "custom.eventsName" . }} subjects: - kind: ServiceAccount name: kubelet-serving-cert-approver -- 2.49.1 From 860c8e3b0449e1a881f7d0cc25ce2370c3dab0f9 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 22 Apr 2026 16:30:51 -0500 Subject: [PATCH 05/12] feat: add more --- clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml | 2 +- .../templates/external-secret.yaml | 2 +- clusters/cl01tl/helm/libation/Chart.yaml | 2 +- clusters/cl01tl/helm/libation/templates/_helpers.tpl | 7 +++++++ .../helm/libation/templates/persistent-volume-claim.yaml | 6 +++--- .../cl01tl/helm/libation/templates/persistent-volume.yaml | 4 ++-- clusters/cl01tl/helm/lidarr/templates/_helpers.tpl | 7 +++++++ .../helm/lidarr/templates/persistent-volume-claim.yaml | 6 +++--- .../cl01tl/helm/lidarr/templates/persistent-volume.yaml | 4 ++-- .../helm/local-path-provisioner/templates/namespace.yaml | 4 ++-- clusters/cl01tl/helm/loki/templates/namespace.yaml | 4 ++-- 11 files changed, 31 insertions(+), 17 deletions(-) diff --git a/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml b/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml index 78e868ae6..0ec32a26c 100644 --- a/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml +++ b/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/Chart.yaml 
@@ -6,7 +6,7 @@ keywords: - kubernetes-cloudflare-ddns - ddns - job -home: https://docs.alexlebens.dev/applications/kubelet-serving-cert-approver/ +home: https://docs.alexlebens.dev/applications/kubernetes-cloudflare-ddns/ sources: - https://github.com/kubitodev/kubernetes-cloudflare-ddns - https://hub.docker.com/r/kubitodev/kubernetes-cloudflare-ddns diff --git a/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml b/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml index 593ce0c81..eba9ea0cf 100644 --- a/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/kubernetes-cloudflare-ddns/templates/external-secret.yaml @@ -9,7 +9,7 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: AUTH_KEY remoteRef: diff --git a/clusters/cl01tl/helm/libation/Chart.yaml b/clusters/cl01tl/helm/libation/Chart.yaml index 2fe121b93..796ed3770 100644 --- a/clusters/cl01tl/helm/libation/Chart.yaml +++ b/clusters/cl01tl/helm/libation/Chart.yaml @@ -6,7 +6,7 @@ keywords: - libation - audible - job -home: https://docs.alexlebens.dev/applications/languagetool/ +home: https://docs.alexlebens.dev/applications/libation/ sources: - https://github.com/rmcrackan/Libation - https://hub.docker.com/r/rmcrackan/libation diff --git a/clusters/cl01tl/helm/libation/templates/_helpers.tpl b/clusters/cl01tl/helm/libation/templates/_helpers.tpl index 10688fcef..1567c77c9 100644 --- a/clusters/cl01tl/helm/libation/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/libation/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +libation-nfs-storage +{{- end -}} 
diff --git a/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml index 21a9df98f..7652a28b7 100644 --- a/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/libation/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: libation-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: libation-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: libation-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml b/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml index 495de2253..7fb8b215d 100644 --- a/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/libation/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: libation-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: libation-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/lidarr/templates/_helpers.tpl b/clusters/cl01tl/helm/lidarr/templates/_helpers.tpl index 10688fcef..e12a5d3a3 100644 --- a/clusters/cl01tl/helm/lidarr/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/lidarr/templates/_helpers.tpl 
@@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +lidarr-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml index 1c0617c89..7652a28b7 100644 --- a/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/lidarr/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: lidarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: lidarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: lidarr-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml index d1fe2a868..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/lidarr/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: lidarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: lidarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/local-path-provisioner/templates/namespace.yaml b/clusters/cl01tl/helm/local-path-provisioner/templates/namespace.yaml index 6587103c2..bbbe36926 100644 
--- a/clusters/cl01tl/helm/local-path-provisioner/templates/namespace.yaml +++ b/clusters/cl01tl/helm/local-path-provisioner/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: local-path-provisioner + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: local-path-provisioner + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/loki/templates/namespace.yaml b/clusters/cl01tl/helm/loki/templates/namespace.yaml index 793925bd9..bbbe36926 100644 --- a/clusters/cl01tl/helm/loki/templates/namespace.yaml +++ b/clusters/cl01tl/helm/loki/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: loki + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: loki + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged -- 2.49.1 From ea97d5726c659f7db5bd8c9742e7c6370240327c Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 22 Apr 2026 17:19:58 -0500 Subject: [PATCH 06/12] feat: add matrix synapse --- .../matrix-synapse/templates/_helpers.tpl | 7 + .../templates/external-secret.yaml | 137 ++---------------- .../templates/secret-provider-class.yaml | 114 +++++++++++++++ .../templates/service-account.yaml | 8 + .../cl01tl/helm/matrix-synapse/values.yaml | 131 +++++++---------- 5 files changed, 187 insertions(+), 210 deletions(-) create mode 100644 clusters/cl01tl/helm/matrix-synapse/templates/secret-provider-class.yaml create mode 100644 clusters/cl01tl/helm/matrix-synapse/templates/service-account.yaml diff --git a/clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl b/clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl index 10688fcef..838a01f34 100644 
--- a/clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/matrix-synapse/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.serviceAccountName" -}} +matrix-synapse +{{- end -}} diff --git a/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml b/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml index 02b79d5ea..838b68083 100644 --- a/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/matrix-synapse/templates/external-secret.yaml 
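Review bot: The comment above the new helper in matrix-synapse/templates/_helpers.tpl says `NFS names`, but the helper it introduces is `custom.serviceAccountName`, which service-account.yaml uses for the ServiceAccount. The comment appears to have been copied from the storage helpers in the other charts; it should read `ServiceAccount name`.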
@@ -1,159 +1,40 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: matrix-synapse-config-secret + name: matrix-synapse-signing-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: matrix-synapse-config-secret + app.kubernetes.io/name: matrix-synapse-signing-key {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault - data: - - secretKey: oidc.yaml - remoteRef: - key: /cl01tl/matrix-synapse/config - property: oidc.yaml - - secretKey: config.yaml - remoteRef: - key: /cl01tl/matrix-synapse/config - property: config.yaml - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-signingkey - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-signingkey - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: signing.key remoteRef: - key: /cl01tl/matrix-synapse/config + key: /cl01tl/matrix-synapse/key property: signing-key --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: matrix-hookshot-config-secret + name: matrix-synapse-valkey-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: matrix-hookshot-config-secret + app.kubernetes.io/name: matrix-synapse-valkey-config {{- include "custom.labels" . 
| nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault - data: - - secretKey: config.yml - remoteRef: - key: /cl01tl/matrix-synapse/hookshot - property: config - - secretKey: registration.yml - remoteRef: - key: /cl01tl/matrix-synapse/hookshot - property: registration - - secretKey: hookshot-registration.yaml - remoteRef: - key: /cl01tl/matrix-synapse/hookshot - property: registration - - secretKey: passkey.pem - remoteRef: - key: /cl01tl/matrix-synapse/hookshot - property: passkey - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: mautrix-discord-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ .Release.Name }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: config.yaml - remoteRef: - key: /cl01tl/matrix-synapse/mautrix-discord - property: config - - secretKey: mautrix-discord-registration.yaml - remoteRef: - key: /cl01tl/matrix-synapse/mautrix-discord - property: registration - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: mautrix-whatsapp-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: mautrix-whatsapp-config-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: config.yaml - remoteRef: - key: /cl01tl/matrix-synapse/mautrix-whatsapp - property: config - - secretKey: mautrix-whatsapp-registration.yaml - remoteRef: - key: /cl01tl/matrix-synapse/mautrix-whatsapp - property: registration - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: double-puppet-registration-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: double-puppet-registration-secret - {{- include "custom.labels" . 
| nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: double-puppet-registration.yaml - remoteRef: - key: /cl01tl/matrix-synapse/double-puppet - property: registration - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: matrix-synapse-valkey-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: matrix-synapse-valkey-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: default remoteRef: - key: /cl01tl/matrix-synapse/redis + key: /cl01tl/matrix-synapse/valkey property: password - secretKey: password remoteRef: - key: /cl01tl/matrix-synapse/redis + key: /cl01tl/matrix-synapse/valkey property: password diff --git a/clusters/cl01tl/helm/matrix-synapse/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/matrix-synapse/templates/secret-provider-class.yaml new file mode 100644 index 000000000..ddf8f3796 --- /dev/null +++ b/clusters/cl01tl/helm/matrix-synapse/templates/secret-provider-class.yaml 
@@ -0,0 +1,114 @@ +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: matrix-synapse-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: matrix-synapse-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: matrix-synapse + objects: | + - objectName: config.yaml + fileName: config.yaml + secretPath: secret/data/cl01tl/matrix-synapse/config + secretKey: config.yaml + - objectName: oidc.yaml + fileName: oidc.yaml + secretPath: secret/data/cl01tl/matrix-synapse/config + secretKey: oidc.yaml + - objectName: hookshot-registration.yaml + fileName: hookshot-registration.yaml + secretPath: secret/data/cl01tl/matrix-synapse/hookshot + secretKey: hookshot-registration.yaml + - objectName: mautrix-discord-registration.yaml + fileName: mautrix-discord-registration.yaml + secretPath: secret/data/cl01tl/matrix-synapse/mautrix-discord + secretKey: mautrix-discord-registration.yaml + - objectName: mautrix-whatsapp-registration.yaml + fileName: mautrix-whatsapp-registration.yaml + secretPath: secret/data/cl01tl/matrix-synapse/mautrix-whatsapp + secretKey: mautrix-whatsapp-registration.yaml + - objectName: double-puppet-registration.yaml + fileName: double-puppet-registration.yaml + secretPath: secret/data/cl01tl/matrix-synapse/double-puppet + secretKey: double-puppet-registration.yaml + +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: matrix-hookshot-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: matrix-hookshot-config + {{- include "custom.labels" . 
| nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: matrix-synapse + objects: | + - objectName: config.yml + fileName: config.yml + secretPath: secret/data/cl01tl/matrix-synapse/hookshot + secretKey: config.yml + - objectName: registration.yml + fileName: registration.yml + secretPath: secret/data/cl01tl/matrix-synapse/hookshot + secretKey: hookshot-registration.yaml + - objectName: passkey.pem + fileName: passkey.pem + secretPath: secret/data/cl01tl/matrix-synapse/hookshot + secretKey: passkey.pem + +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: mautrix-discord-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-discord-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: matrix-synapse + objects: | + - objectName: config.yaml + fileName: config.yaml + secretPath: secret/data/cl01tl/matrix-synapse/mautrix-discord + secretKey: config.yaml + - objectName: mautrix-discord-registration.yaml + fileName: mautrix-discord-registration.yaml + secretPath: secret/data/cl01tl/matrix-synapse/mautrix-discord + secretKey: mautrix-discord-registration.yaml + +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: mautrix-whatsapp-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: mautrix-whatsapp-config + {{- include "custom.labels" . 
| nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: matrix-synapse + objects: | + - objectName: config.yaml + fileName: config.yaml + secretPath: secret/data/cl01tl/matrix-synapse/mautrix-whatsapp + secretKey: config.yaml + - objectName: mautrix-whatsapp-registration.yaml + fileName: mautrix-whatsapp-registration.yaml + secretPath: secret/data/cl01tl/matrix-synapse/mautrix-whatsapp + secretKey: mautrix-whatsapp-registration.yaml diff --git a/clusters/cl01tl/helm/matrix-synapse/templates/service-account.yaml b/clusters/cl01tl/helm/matrix-synapse/templates/service-account.yaml new file mode 100644 index 000000000..5db759b3e --- /dev/null +++ b/clusters/cl01tl/helm/matrix-synapse/templates/service-account.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "custom.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "custom.serviceAccountName" . }} + {{- include "custom.labels" . | nindent 4 }} diff --git a/clusters/cl01tl/helm/matrix-synapse/values.yaml b/clusters/cl01tl/helm/matrix-synapse/values.yaml index d2c6ae39b..c91ffc81a 100644 --- a/clusters/cl01tl/helm/matrix-synapse/values.yaml +++ b/clusters/cl01tl/helm/matrix-synapse/values.yaml @@ -8,7 +8,7 @@ matrix-synapse: signingkey: job: enabled: false - existingSecret: matrix-synapse-signingkey + existingSecret: matrix-synapse-signing-key existingSecretKey: signing.key config: reportStats: false 
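Review bot: All four SecretProviderClass objects in secret-provider-class.yaml set `baoAddress: "http://openbao-internal.openbao:8200"`, so the homeserver config, bridge registrations and `passkey.pem` are fetched over plaintext HTTP inside the cluster. If the OpenBao listener offers TLS, I would point this at `https://` and set the provider's CA option so the CSI provider verifies the server. The four classes also share `roleName: matrix-synapse`; whether each pod can read only its own path depends on the policy attached to that role, which is not part of this patch. Separate roles for synapse, hookshot and the two mautrix bridges would make that separation explicit.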
@@ -37,45 +37,16 @@ matrix-synapse: strategy: type: Recreate extraVolumes: - - name: matrix-synapse-config-secret - secret: - secretName: matrix-synapse-config-secret - - name: matrix-hookshot-config-secret - secret: - secretName: matrix-hookshot-config-secret - - name: mautrix-discord-config-secret - secret: - secretName: mautrix-discord-config-secret - - name: mautrix-whatsapp-config-secret - secret: - secretName: mautrix-whatsapp-config-secret - - name: double-puppet-registration-secret - secret: - secretName: double-puppet-registration-secret + - name: config + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: matrix-synapse-config extraVolumeMounts: - - name: matrix-synapse-config-secret - mountPath: /synapse/config/conf.d/oidc.yaml - subPath: oidc.yaml - readOnly: true - - name: matrix-synapse-config-secret - mountPath: /synapse/config/conf.d/config.yaml - subPath: config.yaml - readOnly: true - - name: matrix-hookshot-config-secret - mountPath: /synapse/config/conf.d/hookshot-registration.yaml - subPath: hookshot-registration.yaml - readOnly: true - - name: mautrix-discord-config-secret - mountPath: /synapse/config/conf.d/mautrix-discord-registration.yaml - subPath: mautrix-discord-registration.yaml - readOnly: true - - name: mautrix-whatsapp-config-secret - mountPath: /synapse/config/conf.d/mautrix-whatsapp-registration.yaml - subPath: mautrix-whatsapp-registration.yaml - readOnly: true - - name: double-puppet-registration-secret - mountPath: /synapse/config/conf.d/double-puppet-registration.yaml - subPath: double-puppet-registration.yaml + - name: config + mountPath: /synapse/config/conf.d + mountPropagation: None readOnly: true resources: requests: @@ -120,7 +91,7 @@ matrix-synapse: externalRedis: host: matrix-synapse-valkey port: 6379 - existingSecret: matrix-synapse-valkey-secret + existingSecret: matrix-synapse-valkey-config existingSecretPasswordKey: password persistence: enabled: true 
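Review bot: The `@@ -37,45 +37,16 @@` hunk of matrix-synapse/values.yaml replaces six `subPath` file mounts with one CSI volume named `config`, mounted over the whole of `/synapse/config/conf.d`. Two things need checking against the upstream chart's Deployment template, which is outside this patch. First, whether it already declares a volume called `config`, since duplicate volume names are rejected by the API server. Second, whether it mounts its own files under `conf.d`, which a directory mount would collide with or hide where the old `subPath` mounts did not. A distinct name such as `- name: matrix-synapse-secrets-store`, repeated in the `extraVolumeMounts` entry, avoids the first risk.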
@@ -186,9 +157,13 @@ matrix-hookshot: path: /metrics persistence: config: - enabled: true - type: secret - name: matrix-hookshot-config-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: matrix-hookshot-config advancedMounts: main: main: @@ -197,9 +172,13 @@ matrix-hookshot: mountPropagation: None subPath: config.yml registration: - enabled: true - type: secret - name: matrix-hookshot-config-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: matrix-hookshot-config advancedMounts: main: main: @@ -208,9 +187,13 @@ matrix-hookshot: mountPropagation: None subPath: registration.yml passkey: - enabled: true - type: secret - name: matrix-hookshot-config-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: matrix-hookshot-config advancedMounts: main: main: @@ -270,27 +253,19 @@ mautrix-discord: targetPort: 29334 persistence: config: - enabled: true - type: secret - name: mautrix-discord-config-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: mautrix-discord-config advancedMounts: main: init-copy-config: - - path: /tmp/config.yaml + - path: /tmp readOnly: true mountPropagation: None - subPath: config.yaml - registration: - enabled: true - type: secret - name: mautrix-discord-config-secret - advancedMounts: - main: - init-copy-config: - - path: /tmp/mautrix-discord-registration.yaml - readOnly: true - mountPropagation: None - subPath: mautrix-discord-registration.yaml data: forceRename: mautrix-discord storageClass: ceph-block 
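Review bot: The `config`, `registration` and `passkey` persistence entries for matrix-hookshot (hunks `@@ -186,9 +157,13 @@`, `@@ -197,9 +172,13 @@` and `@@ -208,9 +187,13 @@`) each declare an identical CSI volume backed by `secretProviderClass: matrix-hookshot-config`, so the pod gets three separate mounts of the same secret set. One persistence entry with three `advancedMounts` paths would deliver the same files from a single volume. The mounts shown use `subPath`, which generally does not pick up rotated content, so a comment such as `# subPath mounts do not see rotated secrets; restart the pod after rotation` would help the next reader. The `advancedMounts` blocks continue outside these hunks.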
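Review bot: In the mautrix-discord hunk (`@@ -270,27 +253,19 @@`) the `init-copy-config` container now mounts the whole CSI volume read-only at `/tmp`, where it previously mounted single files at `/tmp/config.yaml` and `/tmp/mautrix-discord-registration.yaml`. That shadows the container's `/tmp` and makes it unwritable, which would break any step in the init container that writes scratch files there; the init command itself is outside the hunk, so this is unverified. A dedicated directory, e.g. `- path: /secrets-store`, with the copy command updated to match, avoids the overlap. The mautrix-whatsapp hunk (`@@ -346,27 +321,19 @@`) has the same mount.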
@@ -346,27 +321,19 @@ mautrix-whatsapp: targetPort: 29318 persistence: config: - enabled: true - type: secret - name: mautrix-whatsapp-config-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: mautrix-whatsapp-config advancedMounts: main: init-copy-config: - - path: /tmp/config.yaml + - path: /tmp readOnly: true mountPropagation: None - subPath: config.yaml - registration: - enabled: true - type: secret - name: mautrix-whatsapp-config-secret - advancedMounts: - main: - init-copy-config: - - path: /tmp/mautrix-whatsapp-registration.yaml - readOnly: true - mountPropagation: None - subPath: mautrix-whatsapp-registration.yaml data: forceRename: mautrix-whatsapp storageClass: ceph-block @@ -414,7 +381,7 @@ valkey-matrix-synapse: valkey: auth: enabled: true - usersExistingSecret: matrix-synapse-valkey-secret + usersExistingSecret: matrix-synapse-valkey-config aclUsers: default: permissions: "~* &* +@all" -- 2.49.1 From f0bd248799daf96287def8325392dde8ee80f8d5 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 22 Apr 2026 17:44:05 -0500 Subject: [PATCH 07/12] feat: add more --- .../helm/medialyze/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +-- .../templates/persistent-volume.yaml | 4 +- .../helm/music-grabber/templates/_helpers.tpl | 7 +++ .../templates/external-secret.yaml | 45 +++---------------- .../templates/persistent-volume-claim.yaml | 6 +-- .../templates/persistent-volume.yaml | 4 +- .../helm/navidrome/templates/_helpers.tpl | 16 +++++++ .../templates/persistent-volume-claim.yaml | 24 +++++----- .../templates/persistent-volume.yaml | 16 +++---- .../templates/namespace.yaml | 4 +- .../helm/ntfy/templates/external-secret.yaml | 8 ++-- clusters/cl01tl/helm/ntfy/values.yaml | 2 +- 13 files changed, 74 insertions(+), 75 deletions(-) 
diff --git a/clusters/cl01tl/helm/medialyze/templates/_helpers.tpl b/clusters/cl01tl/helm/medialyze/templates/_helpers.tpl index 10688fcef..aad537d7f 100644 --- a/clusters/cl01tl/helm/medialyze/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/medialyze/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +medialyze-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml index ed0420367..7652a28b7 100644 --- a/clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/medialyze/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: medialyze-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: medialyze-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: medialyze-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml b/clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml index 9e1fee702..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/medialyze/templates/persistent-volume.yaml 
@@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: medialyze-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: medialyze-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/music-grabber/templates/_helpers.tpl b/clusters/cl01tl/helm/music-grabber/templates/_helpers.tpl index 10688fcef..58941a9c9 100644 --- a/clusters/cl01tl/helm/music-grabber/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/music-grabber/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +music-grabber-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml b/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml index 9b8bc4164..26a893d94 100644 --- a/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/music-grabber/templates/external-secret.yaml 
@@ -1,60 +1,29 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: music-grabber-config-secret + name: music-grabber-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: music-grabber-config-secret + app.kubernetes.io/name: music-grabber-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: navidrome-user remoteRef: - key: /cl01tl/navidrome/admin + key: /cl01tl/navidrome/users/admin property: user - secretKey: navidrome-password remoteRef: - key: /cl01tl/navidrome/admin + key: /cl01tl/navidrome/users/admin property: password - secretKey: slskd-user remoteRef: - key: /cl01tl/slskd/auth + key: /cl01tl/slskd/users/slskd property: user - secretKey: slskd-password remoteRef: - key: /cl01tl/slskd/auth + key: /cl01tl/slskd/users/slskd property: password - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: music-grabber-wireguard-conf - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: music-grabber-wireguard-conf - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: private-key - remoteRef: - key: /airvpn/conf/cl01tl - property: private-key - - secretKey: preshared-key - remoteRef: - key: /airvpn/conf/cl01tl - property: preshared-key - - secretKey: addresses - remoteRef: - key: /airvpn/conf/cl01tl - property: addresses - - secretKey: input-ports - remoteRef: - key: /airvpn/conf/cl01tl - property: input-ports diff --git a/clusters/cl01tl/helm/music-grabber/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/music-grabber/templates/persistent-volume-claim.yaml index 7d763994c..7652a28b7 100644 --- a/clusters/cl01tl/helm/music-grabber/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/music-grabber/templates/persistent-volume-claim.yaml 
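Review bot: This hunk renames the ExternalSecret from `music-grabber-config-secret` to `music-grabber-config` and deletes `music-grabber-wireguard-conf`, but the diffstat for PATCH 07 lists no change to music-grabber/values.yaml. The manifest has no `target` block, so the generated Secret takes the ExternalSecret's name, and any workload still referencing the old names would fail to start once the old Secrets are removed. Either update the references in the same commit or confirm that a later patch in the series does so. The remote keys also move (`/cl01tl/navidrome/users/admin`, `/cl01tl/slskd/users/slskd`), so those paths need to exist in the `openbao` store before this syncs.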
@@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: music-grabber-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: music-grabber-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: music-grabber-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/music-grabber/templates/persistent-volume.yaml b/clusters/cl01tl/helm/music-grabber/templates/persistent-volume.yaml index e07df3efe..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/music-grabber/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/music-grabber/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: music-grabber-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: music-grabber-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/navidrome/templates/_helpers.tpl b/clusters/cl01tl/helm/navidrome/templates/_helpers.tpl index 10688fcef..0a655e976 100644 --- a/clusters/cl01tl/helm/navidrome/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/navidrome/templates/_helpers.tpl 
@@ -12,3 +12,19 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageMusicNfsName" -}} +navidrome-music-nfs-storage +{{- end -}} +{{- define "custom.storageMusicYoutubeNfsName" -}} +navidrome-music-youtube-nfs-storage +{{- end -}} +{{- define "custom.storageMusicGrabberNfsName" -}} +navidrome-music-grabber-nfs-storage +{{- end -}} +{{- define "custom.storageMusicSingleNfsName" -}} +navidrome-music-single-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/navidrome/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/navidrome/templates/persistent-volume-claim.yaml index b5df7437a..831b62f1c 100644 --- a/clusters/cl01tl/helm/navidrome/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/navidrome/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: navidrome-music-nfs-storage + name: {{ include "custom.storageMusicNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: navidrome-music-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageMusicNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: navidrome-music-nfs-storage + volumeName: {{ include "custom.storageMusicNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany 
@@ -19,13 +19,13 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: navidrome-music-youtube-nfs-storage + name: {{ include "custom.storageMusicYoutubeNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: navidrome-music-youtube-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageMusicYoutubeNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: navidrome-music-youtube-nfs-storage + volumeName: {{ include "custom.storageMusicYoutubeNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany @@ -37,13 +37,13 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: navidrome-music-grabber-nfs-storage + name: {{ include "custom.storageMusicGrabberNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: navidrome-music-grabber-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageMusicGrabberNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: navidrome-music-grabber-nfs-storage + volumeName: {{ include "custom.storageMusicGrabberNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany @@ -55,13 +55,13 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: navidrome-music-single-nfs-storage + name: {{ include "custom.storageMusicSingleNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: navidrome-music-single-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageMusicSingleNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: navidrome-music-single-nfs-storage + volumeName: {{ include "custom.storageMusicSingleNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/navidrome/templates/persistent-volume.yaml b/clusters/cl01tl/helm/navidrome/templates/persistent-volume.yaml index 731881097..b4c08e52c 100644 
--- a/clusters/cl01tl/helm/navidrome/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/navidrome/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: navidrome-music-nfs-storage + name: {{ include "custom.storageMusicNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: navidrome-music-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageMusicNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain @@ -25,10 +25,10 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: navidrome-music-youtube-nfs-storage + name: {{ include "custom.storageMusicYoutubeNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: navidrome-music-youtube-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageMusicYoutubeNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain @@ -49,10 +49,10 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: navidrome-music-grabber-nfs-storage + name: {{ include "custom.storageMusicGrabberNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: navidrome-music-grabber-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageMusicGrabberNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain @@ -73,10 +73,10 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: navidrome-music-single-nfs-storage + name: {{ include "custom.storageMusicSingleNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: navidrome-music-single-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageMusicSingleNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain 
diff --git a/clusters/cl01tl/helm/node-feature-discovery/templates/namespace.yaml b/clusters/cl01tl/helm/node-feature-discovery/templates/namespace.yaml index aeb455db5..bbbe36926 100644 --- a/clusters/cl01tl/helm/node-feature-discovery/templates/namespace.yaml +++ b/clusters/cl01tl/helm/node-feature-discovery/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: node-feature-discovery + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: node-feature-discovery + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml b/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml index 7de6f187d..406a1b61d 100644 --- a/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/ntfy/templates/external-secret.yaml @@ -1,17 +1,17 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: ntfy-config-secret + name: ntfy-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: ntfy-config-secret + app.kubernetes.io/name: ntfy-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: attachment-cache-dir remoteRef: key: /garage/home-infra/ntfy-attachments - property: attachment-cache-dir + property: S3_URI diff --git a/clusters/cl01tl/helm/ntfy/values.yaml b/clusters/cl01tl/helm/ntfy/values.yaml index b3af80571..4bbe24305 100644 --- a/clusters/cl01tl/helm/ntfy/values.yaml +++ b/clusters/cl01tl/helm/ntfy/values.yaml @@ -29,7 +29,7 @@ ntfy: - name: NTFY_ATTACHMENT_CACHE_DIR valueFrom: secretKeyRef: - name: ntfy-config-secret + name: ntfy-config key: attachment-cache-dir - name: NTFY_ATTACHMENT_TOTAL_SIZE_LIMIT value: 10G -- 2.49.1 
From 5d23f3c39162ca3b587e9a345fade927c07cd09d Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 22 Apr 2026 19:14:38 -0500 Subject: [PATCH 08/12] feat: add more --- .../ollama/templates/external-secret.yaml | 18 +-- clusters/cl01tl/helm/ollama/values.yaml | 6 +- .../helm/openbao/templates/namespace.yaml | 4 +- .../outline/templates/external-secret.yaml | 16 +-- clusters/cl01tl/helm/outline/values.yaml | 8 +- .../templates/external-secret.yaml | 41 ++++--- .../cl01tl/helm/paperless-ngx/values.yaml | 8 +- .../cl01tl/helm/plex/templates/_helpers.tpl | 7 ++ .../templates/persistent-volume-claim.yaml | 6 +- .../plex/templates/persistent-volume.yaml | 4 +- clusters/cl01tl/helm/postiz/Chart.yaml | 2 +- .../postiz/templates/external-secret.yaml | 81 +++++-------- clusters/cl01tl/helm/postiz/values.yaml | 6 +- .../prowlarr/templates/external-secret.yaml | 2 +- clusters/cl01tl/helm/qbittorrent/Chart.yaml | 2 +- .../helm/qbittorrent/templates/_helpers.tpl | 7 ++ .../templates/external-secret.yaml | 111 ++++++++++++------ .../helm/qbittorrent/templates/namespace.yaml | 4 +- .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- .../templates/secret-provider-class.yaml | 18 +++ clusters/cl01tl/helm/qbittorrent/values.yaml | 92 ++++++++------- 22 files changed, 252 insertions(+), 201 deletions(-) create mode 100644 clusters/cl01tl/helm/qbittorrent/templates/secret-provider-class.yaml diff --git a/clusters/cl01tl/helm/ollama/templates/external-secret.yaml b/clusters/cl01tl/helm/ollama/templates/external-secret.yaml index be7ebdedf..0eb94a511 100644 --- a/clusters/cl01tl/helm/ollama/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/ollama/templates/external-secret.yaml 
@@ -2,40 +2,40 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: ollama-key-secret + name: open-webui-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: ollama-key-secret + app.kubernetes.io/name: open-webui-key {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: key remoteRef: - key: /cl01tl/ollama/key + key: /cl01tl/ollama/open-webui/key property: key --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: ollama-oidc-secret + name: open-webui-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: ollama-oidc-secret + app.kubernetes.io/name: open-webui-oidc-authentik {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: client remoteRef: - key: /authentik/oidc/ollama + key: /cl01tl/authentik/oidc/open-webui property: client - secretKey: secret remoteRef: - key: /authentik/oidc/ollama + key: /cl01tl/authentik/oidc/open-webui property: secret diff --git a/clusters/cl01tl/helm/ollama/values.yaml b/clusters/cl01tl/helm/ollama/values.yaml index 3045d7d24..65d1c0c6d 100644 --- a/clusters/cl01tl/helm/ollama/values.yaml +++ b/clusters/cl01tl/helm/ollama/values.yaml @@ -127,7 +127,7 @@ ollama: - name: WEBUI_SECRET_KEY valueFrom: secretKeyRef: - name: ollama-key-secret + name: ollama-key key: key - name: DATABASE_URL valueFrom: @@ -143,12 +143,12 @@ ollama: - name: OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: ollama-oidc-secret + name: open-webui-oidc-authentik key: secret - name: OAUTH_CLIENT_ID valueFrom: secretKeyRef: - name: ollama-oidc-secret + name: open-webui-oidc-authentik key: client - name: OAUTH_PROVIDER_NAME value: Authentik diff --git a/clusters/cl01tl/helm/openbao/templates/namespace.yaml b/clusters/cl01tl/helm/openbao/templates/namespace.yaml index 748ee3072..bbbe36926 100644 
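Review bot: The `WEBUI_SECRET_KEY` reference in the ollama values.yaml hunk (`@@ -127,7 +127,7 @@`) now points at a Secret named `ollama-key`, but the ExternalSecret renamed in this commit is `open-webui-key`. No `target.name` is visible, so the generated Secret takes the ExternalSecret's own name. Unless another manifest outside these hunks creates `ollama-key`, the container will fail to start on an unresolved `secretKeyRef`. Make the two sides agree, presumably with `name: open-webui-key` in values.yaml, as already done for `open-webui-oidc-authentik`.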
--- a/clusters/cl01tl/helm/openbao/templates/namespace.yaml +++ b/clusters/cl01tl/helm/openbao/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: openbao + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: openbao + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/outline/templates/external-secret.yaml b/clusters/cl01tl/helm/outline/templates/external-secret.yaml index ea13a006d..95de87fab 100644 --- a/clusters/cl01tl/helm/outline/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/outline/templates/external-secret.yaml @@ -1,15 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: outline-key-secret + name: outline-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: outline-key-secret + app.kubernetes.io/name: outline-key {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: secret-key remoteRef: @@ -24,21 +24,21 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: outline-oidc-secret + name: outline-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: outline-oidc-secret + app.kubernetes.io/name: outline-oidc-authentik {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: client remoteRef: - key: /authentik/oidc/outline + key: /cl01tl/authentik/oidc/outline property: client - secretKey: secret remoteRef: - key: /authentik/oidc/outline + key: /cl01tl/authentik/oidc/outline property: secret diff --git a/clusters/cl01tl/helm/outline/values.yaml b/clusters/cl01tl/helm/outline/values.yaml index fa38b9e89..7b1b08eb9 100644 
--- a/clusters/cl01tl/helm/outline/values.yaml +++ b/clusters/cl01tl/helm/outline/values.yaml @@ -22,12 +22,12 @@ outline: - name: SECRET_KEY valueFrom: secretKeyRef: - name: outline-key-secret + name: outline-key key: secret-key - name: UTILS_SECRET valueFrom: secretKeyRef: - name: outline-key-secret + name: outline-key key: utils-key - name: POSTGRES_USERNAME valueFrom: @@ -89,12 +89,12 @@ outline: - name: OIDC_CLIENT_ID valueFrom: secretKeyRef: - name: outline-oidc-secret + name: outline-oidc-authentik key: client - name: OIDC_CLIENT_SECRET valueFrom: secretKeyRef: - name: outline-oidc-secret + name: outline-oidc-authentik key: secret - name: OIDC_AUTH_URI value: https://auth.alexlebens.dev/application/o/authorize/ diff --git a/clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml b/clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml index f7c3b9c20..ce61d84f8 100644 --- a/clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/paperless-ngx/templates/external-secret.yaml 
@@ -1,51 +1,58 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: paperless-ngx-secret + name: paperless-ngx-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: paperless-ngx-secret + app.kubernetes.io/name: paperless-ngx-key {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: secret-key remoteRef: - key: /cl01tl/paperless-ngx/secret + key: /cl01tl/paperless-ngx/key property: secret-key + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: paperless-ngx-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: paperless-ngx-config + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: - secretKey: admin-user remoteRef: - key: /cl01tl/paperless-ngx/secret + key: /cl01tl/paperless-ngx/config property: admin-user - secretKey: admin-password remoteRef: - key: /cl01tl/paperless-ngx/secret + key: /cl01tl/paperless-ngx/config property: admin-password --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: paperless-ngx-oidc-secret + name: paperless-ngx-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: paperless-ngx-oidc-secret + app.kubernetes.io/name: paperless-ngx-oidc-authentik {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - - secretKey: OIDC_CLIENT_ID - remoteRef: - key: /authentik/oidc/paperless-ngx - property: client - - secretKey: OIDC_CLIENT_SECRET - remoteRef: - key: /authentik/oidc/paperless-ngx - property: secret - secretKey: PAPERLESS_SOCIALACCOUNT_PROVIDERS remoteRef: key: /authentik/oidc/paperless-ngx diff --git a/clusters/cl01tl/helm/paperless-ngx/values.yaml b/clusters/cl01tl/helm/paperless-ngx/values.yaml index e0d11337b..46d90c56d 100644 
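Review bot: In `paperless-ngx-oidc-authentik`, the remaining `PAPERLESS_SOCIALACCOUNT_PROVIDERS` entry still reads `key: /authentik/oidc/paperless-ngx`. The other OIDC secrets in the visible hunks (open-webui, outline, postiz, qui) all moved to `/cl01tl/authentik/oidc/<app>`. If the `openbao` store only carries the new layout, this ExternalSecret will stop syncing and the workload keeps a stale provider config or none. The intended value is presumably `key: /cl01tl/authentik/oidc/paperless-ngx`. The entry's `property` line falls outside the hunk and should be checked as well.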
--- a/clusters/cl01tl/helm/paperless-ngx/values.yaml +++ b/clusters/cl01tl/helm/paperless-ngx/values.yaml @@ -44,7 +44,7 @@ paperless-ngx: - name: PAPERLESS_SECRET_KEY valueFrom: secretKeyRef: - name: paperless-ngx-secret + name: paperless-ngx-key key: secret-key - name: PAPERLESS_URL value: https://paperless-ngx.alexlebens.net @@ -53,12 +53,12 @@ paperless-ngx: - name: PAPERLESS_ADMIN_USER valueFrom: secretKeyRef: - name: paperless-ngx-secret + name: paperless-ngx-config key: admin-user - name: PAPERLESS_ADMIN_PASSWORD valueFrom: secretKeyRef: - name: paperless-ngx-secret + name: paperless-ngx-config key: admin-password - name: PAPERLESS_ACCOUNT_ALLOW_SIGNUPS value: true @@ -73,7 +73,7 @@ paperless-ngx: - name: PAPERLESS_SOCIALACCOUNT_PROVIDERS valueFrom: secretKeyRef: - name: paperless-ngx-oidc-secret + name: paperless-ngx-oidc-authentik key: PAPERLESS_SOCIALACCOUNT_PROVIDERS - name: PAPERLESS_SOCIALACCOUNT_DEFAULT_PERMISSIONS value: '["view_uisettings", "view_savedview", "add_uisettings", "change_uisettings", "delete_uisettings"]' diff --git a/clusters/cl01tl/helm/plex/templates/_helpers.tpl b/clusters/cl01tl/helm/plex/templates/_helpers.tpl index 10688fcef..a9372f5d1 100644 --- a/clusters/cl01tl/helm/plex/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/plex/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +plex-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml index b64bcbe01..7652a28b7 100644 --- a/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/plex/templates/persistent-volume-claim.yaml 
@@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: plex-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: plex-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: plex-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml b/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml index 7597395f6..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/plex/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: plex-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: plex-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/postiz/Chart.yaml b/clusters/cl01tl/helm/postiz/Chart.yaml index 32dee7fc0..6deda5c56 100644 --- a/clusters/cl01tl/helm/postiz/Chart.yaml +++ b/clusters/cl01tl/helm/postiz/Chart.yaml @@ -5,7 +5,7 @@ description: Postiz keywords: - postiz - social-media -home: https://docs.alexlebens.dev/applications/plex/ +home: https://docs.alexlebens.dev/applications/postiz/ sources: - https://github.com/gitroomhq/postiz-app - https://github.com/getsentry/spotlight diff --git a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml b/clusters/cl01tl/helm/postiz/templates/external-secret.yaml index 496d45f4c..48ebb134f 100644 --- a/clusters/cl01tl/helm/postiz/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/postiz/templates/external-secret.yaml 
@@ -1,71 +1,21 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: postiz-config-secret + name: postiz-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: postiz-config-secret + app.kubernetes.io/name: postiz-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: JWT_SECRET remoteRef: key: /cl01tl/postiz/config property: JWT_SECRET ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-oidc-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: client - remoteRef: - key: /authentik/oidc/postiz - property: client - - secretKey: secret - remoteRef: - key: /authentik/oidc/postiz - property: secret - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: postiz-elasticsearch-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: postiz-elasticsearch-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: username - remoteRef: - key: /cl01tl/postiz/elasticsearch - property: username - - secretKey: password - remoteRef: - key: /cl01tl/postiz/elasticsearch - property: password - - secretKey: roles - remoteRef: - key: /cl01tl/postiz/elasticsearch - property: roles - --- apiVersion: external-secrets.io/v1 kind: ExternalSecret @@ -78,7 +28,7 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: REDIS_URL remoteRef: 
@@ -96,3 +46,26 @@ spec: remoteRef: key: /cl01tl/postiz/valkey property: password + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: postiz-oidc-authentik + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: postiz-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: client + remoteRef: + key: /cl01tl/authentik/oidc/postiz + property: client + - secretKey: secret + remoteRef: + key: /cl01tl/authentik/oidc/postiz + property: secret diff --git a/clusters/cl01tl/helm/postiz/values.yaml b/clusters/cl01tl/helm/postiz/values.yaml index 5fd7aa118..056907049 100644 --- a/clusters/cl01tl/helm/postiz/values.yaml +++ b/clusters/cl01tl/helm/postiz/values.yaml @@ -13,7 +13,7 @@ postiz: - name: JWT_SECRET valueFrom: secretKeyRef: - name: postiz-config-secret + name: postiz-config key: JWT_SECRET - name: MAIN_URL value: https://postiz.alexlebens.dev @@ -64,12 +64,12 @@ postiz: - name: POSTIZ_OAUTH_CLIENT_ID valueFrom: secretKeyRef: - name: postiz-oidc-secret + name: postiz-oidc-authentik key: client - name: POSTIZ_OAUTH_CLIENT_SECRET valueFrom: secretKeyRef: - name: postiz-oidc-secret + name: postiz-oidc-authentik key: secret - name: POSTIZ_OAUTH_SCOPE value: openid profile email diff --git a/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml b/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml index 58a28bba1..df4bdb367 100644 --- a/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/prowlarr/templates/external-secret.yaml @@ -9,7 +9,7 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: key remoteRef: diff --git a/clusters/cl01tl/helm/qbittorrent/Chart.yaml b/clusters/cl01tl/helm/qbittorrent/Chart.yaml index 4268eb938..3b1e89ccc 100644 --- a/clusters/cl01tl/helm/qbittorrent/Chart.yaml 
+++ b/clusters/cl01tl/helm/qbittorrent/Chart.yaml @@ -5,7 +5,7 @@ description: qBittorrent keywords: - qbittorrent - torrent -home: https://docs.alexlebens.dev/applications/prowlarr/ +home: https://docs.alexlebens.dev/applications/qbittorrent/ sources: - https://github.com/qbittorrent/qBittorrent - https://github.com/qdm12/gluetun diff --git a/clusters/cl01tl/helm/qbittorrent/templates/_helpers.tpl b/clusters/cl01tl/helm/qbittorrent/templates/_helpers.tpl index 10688fcef..0a58f9b45 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/qbittorrent/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +qbittorrent-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml b/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml index b5b3e2bde..e7f624514 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml 
@@ -1,75 +1,112 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: qbittorrent-wireguard-conf + name: qbit-manage-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: qbittorrent-wireguard-conf + app.kubernetes.io/name: qbit-manage-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + ntfy-url: "{{ `{{ .endpoint }}` }}/qbit-manage" data: + - secretKey: endpoint + remoteRef: + key: /cl01tl/ntfy/users/cl01tl + property: internal-endpoint-credential + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: qui-oidc-authentik + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: qui-oidc-authentik + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: secret + remoteRef: + key: /cl01tl/authentik/oidc/qui + property: secret + - secretKey: client + remoteRef: + key: /cl01tl/authentik/oidc/qui + property: client + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: airvpn-wireguard-conf + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: airvpn-wireguard-conf + {{- include "custom.labels" . 
| nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: + - secretKey: conf + remoteRef: + key: /airvpn/config + property: conf - secretKey: private-key remoteRef: - key: /airvpn/conf/cl01tl + key: /airvpn/config property: private-key - secretKey: preshared-key remoteRef: - key: /airvpn/conf/cl01tl + key: /airvpn/config property: preshared-key - secretKey: addresses remoteRef: - key: /airvpn/conf/cl01tl + key: /airvpn/config property: addresses - secretKey: input-ports remoteRef: - key: /airvpn/conf/cl01tl + key: /airvpn/config property: input-ports --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: qbittorrent-qbit-manage-config + name: protonvpn-wireguard-conf namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: qbittorrent-qbit-manage-config + app.kubernetes.io/name: protonvpn-wireguard-conf {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - - secretKey: ntfy-url + - secretKey: conf remoteRef: - key: /cl01tl/qbittorrent/qbit-manage - property: ntfy-url - - secretKey: config.yml + key: /protonvpn/config + property: conf + - secretKey: email remoteRef: - key: /cl01tl/qbittorrent/qbit-manage - property: config.yml - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: qui-oidc-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: qui-oidc-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: secret + key: /protonvpn/config + property: email + - secretKey: password remoteRef: - key: /authentik/oidc/qui - property: secret - - secretKey: client + key: /protonvpn/config + property: password + - secretKey: private-key remoteRef: - key: /authentik/oidc/qui - property: client + key: /protonvpn/config + property: private-key 
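Review bot: The new `protonvpn-wireguard-conf` ExternalSecret copies the ProtonVPN account `email` and `password`, plus the full `conf`, into this namespace, yet the values.yaml hunks in this commit read only `private-key` from it. Account credentials that no container consumes should not be materialised as a Kubernetes Secret, more so in a namespace whose pod-security labels are `privileged`. The same applies to `airvpn-wireguard-conf`, which is still synced although `VPN_SERVICE_PROVIDER` switches to `protonvpn` and no visible reference to it remains. Trim each `data:` list to the keys a workload actually mounts, or add a comment naming the consumer of the extra keys.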
diff --git a/clusters/cl01tl/helm/qbittorrent/templates/namespace.yaml b/clusters/cl01tl/helm/qbittorrent/templates/namespace.yaml index 97d505071..bbbe36926 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/namespace.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: qbittorrent + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: qbittorrent + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml index e300de499..7652a28b7 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: qbittorrent-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: qbittorrent-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: qbittorrent-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml b/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml index 4354effca..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/persistent-volume.yaml 
@@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: qbittorrent-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: qbittorrent-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/qbittorrent/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/qbittorrent/templates/secret-provider-class.yaml new file mode 100644 index 000000000..9ec37da5a --- /dev/null +++ b/clusters/cl01tl/helm/qbittorrent/templates/secret-provider-class.yaml @@ -0,0 +1,18 @@ +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: qbit-manage-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: qbit-manage-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: qbittorrent + objects: | + - objectName: config.yml + fileName: config.yml + secretPath: secret/data/cl01tl/qbittorrent/qbit-manage + secretKey: config.yml diff --git a/clusters/cl01tl/helm/qbittorrent/values.yaml b/clusters/cl01tl/helm/qbittorrent/values.yaml index d7f43e55d..3cf4c8d77 100644 --- a/clusters/cl01tl/helm/qbittorrent/values.yaml +++ b/clusters/cl01tl/helm/qbittorrent/values.yaml 
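Review bot: In the new secret-provider-class.yaml, `baoAddress: "http://openbao-internal.openbao:8200"` has the CSI provider talk to OpenBao over plain HTTP. The service-account token presented for `roleName: qbittorrent` and the returned `config.yml` therefore cross the pod network unencrypted. Unless the CNI encrypts this traffic transparently (not visible here), point the provider at a TLS listener, e.g. `baoAddress: "https://openbao-internal.openbao:8200"`, and configure the CA through the provider's parameters. A short comment above `roleName` stating that the role is scoped to `secret/data/cl01tl/qbittorrent/qbit-manage` only would also help.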
@@ -62,33 +62,22 @@ qbittorrent: command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] env: - name: VPN_SERVICE_PROVIDER - value: airvpn + value: protonvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: - name: qbittorrent-wireguard-conf + name: protonvpn-wireguard-conf key: private-key - - name: WIREGUARD_PRESHARED_KEY - valueFrom: - secretKeyRef: - name: qbittorrent-wireguard-conf - key: preshared-key - - name: WIREGUARD_ADDRESSES - valueFrom: - secretKeyRef: - name: qbittorrent-wireguard-conf - key: addresses - - name: FIREWALL_VPN_INPUT_PORTS - valueFrom: - secretKeyRef: - name: qbittorrent-wireguard-conf - key: input-ports - name: FIREWALL_OUTBOUND_SUBNETS value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS - value: 8080,9022 + value: 5030,50300 + - name: VPN_PORT_FORWARDING + value: 'on' + - name: VPN_PORT_FORWARDING_UP_COMMAND + value: '/bin/sh -c "/gluetun/update.sh {{ printf "{{PORTS}}" }}"' - name: DNS_UPSTREAM_RESOLVER_TYPE value: dot - name: BLOCK_MALICIOUS @@ -141,6 +130,8 @@ qbittorrent: reloader.stakater.com/auto: "true" replicas: 1 strategy: Recreate + serviceAccount: + name: qbittorrent initContainers: init-copy-config: image: @@ -150,7 +141,7 @@ qbittorrent: - /bin/sh - -ec - | - cp /config/config.yml /app/config/config.yml + cp /tmp/config.yml /app/config/config.yml containers: qbit-manage: image: @@ -194,7 +185,7 @@ qbittorrent: - name: APPRISE_STATELESS_URLS valueFrom: secretKeyRef: - name: qbittorrent-qbit-manage-config + name: qbit-manage-config key: ntfy-url qui: type: deployment @@ -223,12 +214,12 @@ qbittorrent: - name: QUI__OIDC_CLIENT_ID valueFrom: secretKeyRef: - name: qui-oidc-secret + name: qui-oidc-authentik key: client - name: QUI__OIDC_CLIENT_SECRET valueFrom: secretKeyRef: - name: qui-oidc-secret + name: qui-oidc-authentik key: secret - name: QUI__OIDC_REDIRECT_URL value: https://qui.alexlebens.net/api/auth/oidc/callback 
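Review bot: `FIREWALL_INPUT_PORTS` changes from `8080,9022` to `5030,50300`, which appear to be slskd's default ports rather than anything this chart exposes, so the value looks carried over from another chart. If the qBittorrent web UI in this pod still listens on 8080 (the service definition is outside the hunk), gluetun's firewall will no longer admit cluster traffic to it, while two unused ports are allowed. Confirm the intended list; it is presumably still `value: 8080,9022`. The env list continues past the hunk.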
@@ -238,6 +229,10 @@ qbittorrent: requests: cpu: 10m memory: 70Mi + serviceAccount: + qbittorrent: + enabled: true + staticToken: true service: main: controller: main @@ -347,22 +342,6 @@ qbittorrent: gluetun: - path: /gluetun/update.sh subPath: update.sh - qbit-manage-config: - enabled: true - type: secret - name: qbittorrent-qbit-manage-config - advancedMounts: - qbit-manage: - init-copy-config: - - path: /config/config.yml - readOnly: true - mountPropagation: None - subPath: config.yml - qbit-manage: - - path: /config/config.yml - readOnly: true - mountPropagation: None - subPath: config.yml config-data: forceRename: qbittorrent-config-data storageClass: ceph-filesystem @@ -377,6 +356,27 @@ qbittorrent: qbit-manage: - path: /qbittorrent/qBittorrent readOnly: false + qbit-manage-config: + enabled: true + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: qbit-manage-config + advancedMounts: + qbit-manage: + init-copy-config: + - path: /tmp/config.yml + readOnly: true + mountPropagation: None + subPath: config.yml + qbit-manage: + - path: /tmp/config.yml + readOnly: true + mountPropagation: None + subPath: config.yml qbit-manage-config-data: forceRename: qbittorrent-qbit-manage-config-data storageClass: ceph-block @@ -390,6 +390,15 @@ qbittorrent: qbit-manage: - path: /app/config readOnly: false + qbit-manage-config-var: + storageClass: ceph-block + accessMode: ReadWriteOnce + size: 500Mi + advancedMounts: + qbit-manage: + qbit-manage: + - path: /app/var + readOnly: false qui-config-data: forceRename: qbittorrent-qui-config-data storageClass: ceph-block @@ -400,13 +409,6 @@ qbittorrent: qui: - path: /config readOnly: false - qbit-manage-config-var: - type: emptyDir - advancedMounts: - qbit-manage: - qbit-manage: - - path: /app/var - readOnly: false storage: type: persistentVolumeClaim existingClaim: qbittorrent-nfs-storage -- 2.49.1 
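Review bot: `staticToken: true` on the new `qbittorrent` service account (hunk `@@ -238,6 +229,10 @@`) presumably makes the chart library create a long-lived token Secret. That would be a non-expiring credential for the identity the OpenBao role `qbittorrent` trusts, readable by anything that can read Secrets in the namespace. The secrets-store CSI volume added in hunk `@@ -377,6 +356,27 @@` should be able to authenticate with the pod's own short-lived token, and the `searxng` chart later in this series enables its service account without a static token. Unless another consumer needs the static Secret, drop the line and keep only `enabled: true`. If it is required, say why in a comment next to it.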
From 88c6b6f61a660815a616fb72998fe573f49f0d88 Mon Sep 17 00:00:00 2001 From: Alex Lebens Date: Wed, 22 Apr 2026 19:38:17 -0500 Subject: [PATCH 09/12] feat: add more --- .../helm/radarr-4k/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- .../helm/radarr-anime/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- .../radarr-standup/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- .../cl01tl/helm/radarr/templates/_helpers.tpl | 7 +++ .../templates/persistent-volume-claim.yaml | 6 +- .../radarr/templates/persistent-volume.yaml | 4 +- .../rclone/templates/external-secret.yaml | 58 +++++++++---------- clusters/cl01tl/helm/rclone/values.yaml | 10 +--- clusters/cl01tl/helm/reloader/Chart.yaml | 2 +- .../helm/rook-ceph/templates/namespace.yaml | 4 +- .../roundcube/templates/external-secret.yaml | 8 +-- clusters/cl01tl/helm/roundcube/values.yaml | 2 +- .../rybbit/templates/external-secret.yaml | 37 ++++++++---- clusters/cl01tl/helm/rybbit/values.yaml | 12 ++-- 20 files changed, 117 insertions(+), 84 deletions(-) diff --git a/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl index 10688fcef..81cb6a170 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/radarr-4k/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +radarr-4k-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml index b1a1250f5..7652a28b7 100644 
--- a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: radarr-4k-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-4k-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: radarr-4k-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml index 07ded9aa5..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-4k/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: radarr-4k-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-4k-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl index 10688fcef..a446db06e 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/radarr-anime/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +radarr-anime-nfs-storage +{{- end -}} 
diff --git a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml index 463913336..7652a28b7 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: radarr-anime-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-anime-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: radarr-anime-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml index 4ff3d5b21..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-anime/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: radarr-anime-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-anime-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl index 10688fcef..9e56f5fc8 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/radarr-standup/templates/_helpers.tpl 
@@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +radarr-standup-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml index 6c61d9abc..7652a28b7 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: radarr-standup-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-standup-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: radarr-standup-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml index 2abc1a935..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr-standup/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: radarr-standup-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-standup-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain 
diff --git a/clusters/cl01tl/helm/radarr/templates/_helpers.tpl b/clusters/cl01tl/helm/radarr/templates/_helpers.tpl index 10688fcef..1ab2968a7 100644 --- a/clusters/cl01tl/helm/radarr/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/radarr/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +radarr-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml index e4702537e..7652a28b7 100644 --- a/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/radarr/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: radarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: radarr-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml index e11ad08ae..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/radarr/templates/persistent-volume.yaml 
@@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: radarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: radarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml index e6613280b..de511fb9e 100644 --- a/clusters/cl01tl/helm/rclone/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rclone/templates/external-secret.yaml @@ -9,7 +9,7 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ACCESS_KEY_ID remoteRef: @@ -25,12 +25,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -60,12 +60,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -95,12 +95,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 
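Review bot: In `rclone/templates/external-secret.yaml` only the first document's store is switched (`name: vault` to `name: openbao`, hunk `@@ -9,7 +9,7 @@`). The later documents get the new `/garage/config` keys with `ENDPOINT_LOCAL` / `ENDPOINT_REMOTE`, but their `secretStoreRef` lines fall outside every hunk and stay as they were. If any of them still reads `name: vault`, the renamed key and properties would be resolved against the old store and the ExternalSecret would fail to sync. Confirm each document in the file reads `name: openbao`. The same check applies to `searxng/templates/external-secret.yaml` later in the series, where the surviving document's store name sits between the two hunks and the removed sibling used `vault`.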
@@ -130,12 +130,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -165,12 +165,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -200,12 +200,12 @@ spec: property: ACCESS_SECRET_KEY - secretKey: SRC_ENDPOINT remoteRef: - key: /garage/config/local - property: ENDPOINT + key: /garage/config + property: ENDPOINT_LOCAL - secretKey: DEST_ENDPOINT remoteRef: - key: /garage/config/remote - property: ENDPOINT + key: /garage/config + property: ENDPOINT_REMOTE --- apiVersion: external-secrets.io/v1 @@ -235,11 +235,11 @@ spec: property: ACCESS_SECRET_KEY - secretKey: ENDPOINT_LOCAL remoteRef: - key: /garage/home-infra/openbao-backups + key: /garage/config property: ENDPOINT_LOCAL - secretKey: ENDPOINT_REMOTE remoteRef: - key: /garage/home-infra/openbao-backups + key: /garage/config property: ENDPOINT_REMOTE --- @@ -268,7 +268,3 @@ spec: remoteRef: key: /digital-ocean/home-infra/openbao-backups property: ACCESS_SECRET_KEY - - secretKey: ENDPOINT - remoteRef: - key: /digital-ocean/home-infra/openbao-backups - property: ENDPOINT diff --git a/clusters/cl01tl/helm/rclone/values.yaml b/clusters/cl01tl/helm/rclone/values.yaml index d2d7ef704..22765c63f 100644 --- a/clusters/cl01tl/helm/rclone/values.yaml +++ b/clusters/cl01tl/helm/rclone/values.yaml 
@@ -747,10 +747,7 @@ rclone: name: external-openbao-backups-secret key: ACCESS_REGION - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ENDPOINT + value: https://nyc3.digitaloceanspaces.com - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE value: true prune: @@ -786,9 +783,6 @@ rclone: name: external-openbao-backups-secret key: ACCESS_REGION - name: RCLONE_CONFIG_DEST_ENDPOINT - valueFrom: - secretKeyRef: - name: external-openbao-backups-secret - key: ENDPOINT + value: https://nyc3.digitaloceanspaces.com - name: RCLONE_CONFIG_DEST_S3_FORCE_PATH_STYLE value: true diff --git a/clusters/cl01tl/helm/reloader/Chart.yaml b/clusters/cl01tl/helm/reloader/Chart.yaml index 669c0514d..b7002e307 100644 --- a/clusters/cl01tl/helm/reloader/Chart.yaml +++ b/clusters/cl01tl/helm/reloader/Chart.yaml @@ -5,7 +5,7 @@ description: Reloader keywords: - reloader - config-map -home: https://docs.alexlebens.dev/applications/rclone/ +home: https://docs.alexlebens.dev/applications/reloader/ sources: - https://github.com/stakater/Reloader - https://github.com/stakater/Reloader/tree/master/deployments/kubernetes/chart/reloader diff --git a/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml b/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml index 82e9bf619..bbbe36926 100644 --- a/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml +++ b/clusters/cl01tl/helm/rook-ceph/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: rook-ceph + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: rook-ceph + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml index 89fdc892e..e4301aadb 100644 
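Review bot: In `rook-ceph/templates/namespace.yaml` the `pod-security.kubernetes.io/enforce: privileged` and `audit: privileged` labels now follow `{{ .Release.Namespace }}` instead of the fixed name `rook-ceph`. Whichever namespace the release is installed into is therefore switched to the privileged Pod Security level, including by mistake. `secrets-store-csi-driver/templates/namespace.yaml` receives the identical change later in the series. If the templating is kept, pin the intended namespace with a guard at the top of the file, for example `{{- if ne .Release.Namespace "rook-ceph" }}{{ fail "rook-ceph must be installed in namespace rook-ceph" }}{{- end }}`. Also add a comment above the labels explaining why this namespace needs the privileged level.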
--- a/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/roundcube/templates/external-secret.yaml @@ -1,17 +1,17 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: roundcube-key-secret + name: roundcube-key namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: roundcube-key-secret + app.kubernetes.io/name: roundcube-key {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: DES_KEY remoteRef: key: /cl01tl/roundcube/key - property: DES_KEY + property: des-key diff --git a/clusters/cl01tl/helm/roundcube/values.yaml b/clusters/cl01tl/helm/roundcube/values.yaml index 06150f268..88b25cd51 100644 --- a/clusters/cl01tl/helm/roundcube/values.yaml +++ b/clusters/cl01tl/helm/roundcube/values.yaml @@ -35,7 +35,7 @@ roundcube: - name: ROUNDCUBEMAIL_DES_KEY valueFrom: secretKeyRef: - name: roundcube-key-secret + name: roundcube-key key: DES_KEY - name: ROUNDCUBEMAIL_DEFAULT_HOST value: stalwart.stalwart diff --git a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml index cda4cae82..412771812 100644 --- a/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/rybbit/templates/external-secret.yaml 
@@ -1,15 +1,38 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: rybbit-config-secret + name: rybbit-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: rybbit-config-secret + app.kubernetes.io/name: rybbit-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao + data: + - secretKey: better-auth-secret + remoteRef: + key: /cl01tl/rybbit/config + property: better-auth-secret + - secretKey: mapbox-token + remoteRef: + key: /cl01tl/rybbit/config + property: mapbox-token + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: rybbit-clickhouse-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: rybbit-clickhouse-config + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao data: - secretKey: clickhouse-user remoteRef: @@ -19,11 +42,3 @@ spec: remoteRef: key: /cl01tl/rybbit/clickhouse property: password - - secretKey: better-auth-secret - remoteRef: - key: /cl01tl/rybbit/auth - property: better-auth-secret - - secretKey: mapbox-token - remoteRef: - key: /cl01tl/rybbit/auth - property: mapbox-token diff --git a/clusters/cl01tl/helm/rybbit/values.yaml b/clusters/cl01tl/helm/rybbit/values.yaml index 31c9e9b0c..e86451199 100644 --- a/clusters/cl01tl/helm/rybbit/values.yaml +++ b/clusters/cl01tl/helm/rybbit/values.yaml @@ -19,12 +19,12 @@ rybbit: - name: CLICKHOUSE_USER valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-clickhouse-config key: clickhouse-user - name: CLICKHOUSE_PASSWORD valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-clickhouse-config key: clickhouse-password - name: POSTGRES_HOST valueFrom: 
@@ -54,7 +54,7 @@ rybbit: - name: BETTER_AUTH_SECRET valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-config key: better-auth-secret - name: BASE_URL value: https://rybbit.alexlebens.dev @@ -65,7 +65,7 @@ rybbit: - name: MAPBOX_TOKEN valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-config key: mapbox-token probes: liveness: @@ -119,12 +119,12 @@ rybbit: - name: CLICKHOUSE_USER valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-clickhouse-config key: clickhouse-user - name: CLICKHOUSE_PASSWORD valueFrom: secretKeyRef: - name: rybbit-config-secret + name: rybbit-clickhouse-config key: clickhouse-password probes: liveness: -- 2.49.1 From c2017d136144a2eebb05ae0bb62f72aabfed0acc Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Wed, 22 Apr 2026 20:12:26 -0500 Subject: [PATCH 10/12] feat: add more --- .../templates/external-secret.yaml | 22 +++++++----- clusters/cl01tl/helm/s3-exporter/values.yaml | 15 ++++---- .../searxng/templates/external-secret.yaml | 35 ++++--------------- .../templates/secret-provider-class.yaml | 22 ++++++++++++ clusters/cl01tl/helm/searxng/values.yaml | 26 ++++++++------ .../templates/namespace.yaml | 4 +-- .../helm/shelfmark/templates/_helpers.tpl | 13 +++++++ .../shelfmark/templates/external-secret.yaml | 25 ++++++++++--- .../templates/persistent-volume-claim.yaml | 18 +++++----- .../templates/persistent-volume.yaml | 12 +++---- clusters/cl01tl/helm/shelfmark/values.yaml | 6 ++-- .../templates/external-secret.yaml | 10 +++--- .../cl01tl/helm/slskd/templates/_helpers.tpl | 7 ++++ .../helm/slskd/templates/namespace.yaml | 4 +-- .../templates/persistent-volume-claim.yaml | 6 ++-- .../slskd/templates/persistent-volume.yaml | 4 +-- .../helm/sonarr-4k/templates/_helpers.tpl | 7 ++++ .../templates/persistent-volume-claim.yaml | 6 ++-- .../templates/persistent-volume.yaml | 4 +-- .../helm/sonarr-anime/templates/_helpers.tpl | 7 ++++ .../templates/persistent-volume-claim.yaml | 6 ++-- .../templates/persistent-volume.yaml | 4 +-- .../cl01tl/helm/sonarr/templates/_helpers.tpl | 7 ++++ .../templates/persistent-volume-claim.yaml | 6 ++-- .../sonarr/templates/persistent-volume.yaml | 4 +-- 25 files changed, 173 insertions(+), 107 deletions(-) create mode 100644 clusters/cl01tl/helm/searxng/templates/secret-provider-class.yaml diff --git a/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml b/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml index 8f8081e0d..05d369f2e 100644 --- a/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/s3-exporter/templates/external-secret.yaml 
@@ -1,42 +1,42 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: s3-do-home-infra-secret + name: digital-ocean-s3-exporter-credentials namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: s3-do-home-infra-secret + app.kubernetes.io/name: digital-ocean-s3-exporter-credentials {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: - key: /digital-ocean/home-infra/all-access + key: /digital-ocean/home-infra/s3-exporter property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: - key: /digital-ocean/home-infra/all-access + key: /digital-ocean/home-infra/s3-exporter property: AWS_SECRET_ACCESS_KEY - secretKey: AWS_REGION remoteRef: - key: /digital-ocean/home-infra/prometheus-exporter + key: /digital-ocean/home-infra/s3-exporter property: AWS_REGION --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: s3-garage-secret + name: garage-s3-exporter-credentials namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: s3-garage-secret + app.kubernetes.io/name: garage-s3-exporter-credentials {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: @@ -46,3 +46,7 @@ spec: remoteRef: key: /garage/home-infra/s3-exporter property: ACCESS_SECRET_KEY + - secretKey: ACCESS_REGION + remoteRef: + key: /garage/home-infra/s3-exporter + property: ACCESS_REGION diff --git a/clusters/cl01tl/helm/s3-exporter/values.yaml b/clusters/cl01tl/helm/s3-exporter/values.yaml index d132255ff..abdcb7fb8 100644 --- a/clusters/cl01tl/helm/s3-exporter/values.yaml +++ b/clusters/cl01tl/helm/s3-exporter/values.yaml 
@@ -17,17 +17,17 @@ s3-exporter: - name: S3_ACCESS_KEY valueFrom: secretKeyRef: - name: s3-do-home-infra-secret + name: digital-ocean-s3-exporter-credentials key: AWS_ACCESS_KEY_ID - name: S3_SECRET_KEY valueFrom: secretKeyRef: - name: s3-do-home-infra-secret + name: digital-ocean-s3-exporter-credentials key: AWS_SECRET_ACCESS_KEY - name: S3_REGION valueFrom: secretKeyRef: - name: s3-do-home-infra-secret + name: digital-ocean-s3-exporter-credentials key: AWS_REGION - name: LOG_LEVEL value: info @@ -54,15 +54,18 @@ s3-exporter: - name: S3_ACCESS_KEY valueFrom: secretKeyRef: - name: s3-garage-secret + name: garage-s3-exporter-credentials key: AWS_ACCESS_KEY_ID - name: S3_SECRET_KEY valueFrom: secretKeyRef: - name: s3-garage-secret + name: garage-s3-exporter-credentials key: AWS_SECRET_ACCESS_KEY - name: S3_REGION - value: us-east-1 + valueFrom: + secretKeyRef: + name: garage-s3-exporter-credentials + key: ACCESS_REGION - name: LOG_LEVEL value: debug - name: S3_FORCE_PATH_STYLE diff --git a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml b/clusters/cl01tl/helm/searxng/templates/external-secret.yaml index 468398105..c5f0f4d42 100644 --- a/clusters/cl01tl/helm/searxng/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/searxng/templates/external-secret.yaml @@ -1,10 +1,10 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: searxng-browser-metrics-auth + name: searxng-browser-metrics-credentials namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: searxng-browser-metrics-auth + app.kubernetes.io/name: searxng-browser-metrics-credentials {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: 
@@ -13,32 +13,9 @@ spec: data: - secretKey: metrics-password remoteRef: - key: cl01tl/searxng/browser - property: metrics-password + key: /cl01tl/searxng/metrics + property: password - secretKey: metrics-username remoteRef: - key: cl01tl/searxng/browser - property: metrics-username - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: searxng-api-config-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: searxng-api-config-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: settings.yml - remoteRef: - key: /cl01tl/searxng/api/config - property: settings.yml - - secretKey: limiter.toml - remoteRef: - key: /cl01tl/searxng/api/config - property: limiter.toml + key: /cl01tl/searxng/metrics + property: username diff --git a/clusters/cl01tl/helm/searxng/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/searxng/templates/secret-provider-class.yaml new file mode 100644 index 000000000..09329de8c --- /dev/null +++ b/clusters/cl01tl/helm/searxng/templates/secret-provider-class.yaml @@ -0,0 +1,22 @@ +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: searxng-api-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: searxng-api-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: searxng + objects: | + - objectName: limiter.toml + fileName: limiter.toml + secretPath: secret/data/cl01tl/searxng/api + secretKey: limiter.toml + - objectName: settings.yml + fileName: settings.yml + secretPath: secret/data/cl01tl/searxng/api + secretKey: settings.yml diff --git a/clusters/cl01tl/helm/searxng/values.yaml b/clusters/cl01tl/helm/searxng/values.yaml index 94b8d22e5..87c37cebb 100644 --- a/clusters/cl01tl/helm/searxng/values.yaml 
+++ b/clusters/cl01tl/helm/searxng/values.yaml @@ -4,6 +4,8 @@ searxng: type: deployment replicas: 1 strategy: Recreate + serviceAccount: + name: searxng containers: main: image: @@ -58,6 +60,9 @@ searxng: image: repository: valkey/valkey tag: 9.0.3-alpine@sha256:e1095c6c76ee982cb2d1e07edbb7fb2a53606630a1d810d5a47c9f646b708bf5 + serviceAccount: + searxng: + enabled: true service: api: controller: api @@ -85,10 +90,10 @@ searxng: path: /metrics basicAuth: password: - name: searxng-browser-metrics-auth + name: searxng-browser-metrics-credentials key: metrics-password username: - name: searxng-browser-metrics-auth + name: searxng-browser-metrics-credentials key: metrics-username route: main: @@ -110,20 +115,19 @@ searxng: value: / persistence: config: - enabled: true - type: secret - name: searxng-api-config-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: searxng-api-config advancedMounts: api: main: - - path: /etc/searxng/settings.yml + - path: /etc/searxng/ readOnly: true mountPropagation: None - subPath: settings.yml - - path: /etc/searxng/limiter.toml - readOnly: true - mountPropagation: None - subPath: limiter.toml api-data: forceRename: searxng-api-data storageClass: ceph-block diff --git a/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml b/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml index 05537d795..bbbe36926 100644 --- a/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml +++ b/clusters/cl01tl/helm/secrets-store-csi-driver/templates/namespace.yaml 
@@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: secrets-store-csi-driver + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: secrets-store-csi-driver + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl b/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl index 10688fcef..e79a24345 100644 --- a/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/shelfmark/templates/_helpers.tpl @@ -12,3 +12,16 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageImportNfsName" -}} +shelfmark-import-nfs-storage +{{- end -}} +{{- define "custom.storageAudiobooksNfsName" -}} +shelfmark-audiobooks-nfs-storage +{{- end -}} +{{- define "custom.storageDownloadsNfsName" -}} +shelfmark-downloads-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml b/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml index c9eb87bd2..12dbfe904 100644 --- a/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/shelfmark/templates/external-secret.yaml 
@@ -1,24 +1,39 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: shelfmark-config-secret + name: shelfmark-grimmory-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: shelfmark-config-secret + app.kubernetes.io/name: shelfmark-grimmory-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: grimmory-user remoteRef: - key: /cl01tl/shelfmark/booklore + key: /cl01tl/grimmory/users/shelfmark property: user - secretKey: grimmory-password remoteRef: - key: /cl01tl/shelfmark/booklore + key: /cl01tl/grimmory/users/shelfmark property: password + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: shelfmark-prowlarr-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: shelfmark-prowlarr-config + {{- include "custom.labels" . | nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + data: - secretKey: prowlarr-key remoteRef: key: /cl01tl/prowlarr/key diff --git a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml index 00a8465a6..d1f6b3a98 100644 --- a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: shelfmark-import-nfs-storage + name: {{ include "custom.storageImportNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: shelfmark-import-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageImportNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: shelfmark-import-nfs-storage + volumeName: {{ include "custom.storageImportNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany 
@@ -19,13 +19,13 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: shelfmark-audiobooks-nfs-storage + name: {{ include "custom.storageAudiobooksNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: shelfmark-audiobooks-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageAudiobooksNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: shelfmark-audiobooks-nfs-storage + volumeName: {{ include "custom.storageAudiobooksNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany @@ -37,13 +37,13 @@ spec: apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: shelfmark-downloads-nfs-storage + name: {{ include "custom.storageDownloadsNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: shelfmark-downloads-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageDownloadsNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: shelfmark-downloads-nfs-storage + volumeName: {{ include "custom.storageDownloadsNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml index 02b16ff44..e106ef285 100644 --- a/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/shelfmark/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: shelfmark-import-nfs-storage + name: {{ include "custom.storageImportNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: shelfmark-import-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageImportNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain 
@@ -25,10 +25,10 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: shelfmark-audiobooks-nfs-storage + name: {{ include "custom.storageAudiobooksNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: shelfmark-audiobooks-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageAudiobooksNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain @@ -49,10 +49,10 @@ spec: apiVersion: v1 kind: PersistentVolume metadata: - name: shelfmark-downloads-nfs-storage + name: {{ include "custom.storageDownloadsNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: shelfmark-downloads-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageDownloadsNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/shelfmark/values.yaml b/clusters/cl01tl/helm/shelfmark/values.yaml index 9ddf69a8e..a7597f8a2 100644 --- a/clusters/cl01tl/helm/shelfmark/values.yaml +++ b/clusters/cl01tl/helm/shelfmark/values.yaml @@ -35,12 +35,12 @@ shelfmark: - name: BOOKLORE_USERNAME valueFrom: secretKeyRef: - name: shelfmark-config-secret + name: shelfmark-grimmory-config key: grimmory-user - name: BOOKLORE_PASSWORD valueFrom: secretKeyRef: - name: shelfmark-config-secret + name: shelfmark-grimmory-config key: grimmory-password - name: BOOKLORE_DESTINATION value: library @@ -67,7 +67,7 @@ shelfmark: - name: PROWLARR_API_KEY valueFrom: secretKeyRef: - name: shelfmark-config-secret + name: shelfmark-prowlarr-config key: prowlarr-key - name: ABB_ENABLED value: true diff --git a/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml b/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml index c0ea53483..a7a0e5eb9 100644 --- a/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/shelly-plug/templates/external-secret.yaml 
@@ -9,13 +9,13 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: SHELLY_HTTP_USERNAME remoteRef: - key: /shelly-plug/auth/it05sp - property: SHELLY_HTTP_USERNAME + key: /it05sp/auth + property: username - secretKey: SHELLY_HTTP_PASSWORD remoteRef: - key: /shelly-plug/auth/it05sp - property: SHELLY_HTTP_PASSWORD + key: /it05sp/auth + property: password diff --git a/clusters/cl01tl/helm/slskd/templates/_helpers.tpl b/clusters/cl01tl/helm/slskd/templates/_helpers.tpl index 10688fcef..a1211d044 100644 --- a/clusters/cl01tl/helm/slskd/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/slskd/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +slskd-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/slskd/templates/namespace.yaml b/clusters/cl01tl/helm/slskd/templates/namespace.yaml index be130061c..bbbe36926 100644 --- a/clusters/cl01tl/helm/slskd/templates/namespace.yaml +++ b/clusters/cl01tl/helm/slskd/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: slskd + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: slskd + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml index cba12149a..7652a28b7 100644 --- a/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/slskd/templates/persistent-volume-claim.yaml 
@@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: slskd-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: slskd-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: slskd-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml b/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml index 5ad8d6a44..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/slskd/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: slskd-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: slskd-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl b/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl index 10688fcef..c98dc029c 100644 --- a/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/sonarr-4k/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +sonarr-4k-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml index f83ff9214..7652a28b7 100644 --- a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml 
+++ b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: sonarr-4k-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-4k-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: sonarr-4k-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml index c7ddc3c18..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/sonarr-4k/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: sonarr-4k-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-4k-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl b/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl index 10688fcef..74f994922 100644 --- a/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/sonarr-anime/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +sonarr-anime-nfs-storage +{{- end -}} 
diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml index 531b38f11..7652a28b7 100644 --- a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: sonarr-anime-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-anime-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: sonarr-anime-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml index 50aa05f46..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/sonarr-anime/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: sonarr-anime-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-anime-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl b/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl index 10688fcef..3a85d86fb 100644 --- a/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/sonarr/templates/_helpers.tpl 
@@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +sonarr-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml index cae209ff6..7652a28b7 100644 --- a/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/sonarr/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: sonarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: sonarr-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml index a63d6c47e..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/sonarr/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: sonarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sonarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain -- 2.49.1 From 2585444c8a53626c47bdd20decddc33085eb2eac Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Thu, 23 Apr 2026 16:40:37 -0500 Subject: [PATCH 11/12] feat: add more --- .../templates/external-secret.yaml | 16 +-- .../cl01tl/helm/sparkyfitness/values.yaml | 2 +- .../stalwart/templates/elasticsearch.yaml | 2 +- .../stalwart/templates/external-secret.yaml | 6 +- .../helm/stalwart/templates/namespace.yaml | 4 +- .../templates/external-secrets.yaml | 10 +- .../templates/namespace.yaml | 4 +- .../helm/talos/templates/external-secret.yaml | 77 ++++-------- .../templates/secret-provider-class.yaml | 78 ++++++++++++ clusters/cl01tl/helm/talos/values.yaml | 114 ++++++++---------- 10 files changed, 172 insertions(+), 141 deletions(-) create mode 100644 clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml diff --git a/clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml b/clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml index 2bb5cdc61..2e6c8aa22 100644 --- a/clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/sparkyfitness/templates/external-secret.yaml 
@@ -9,36 +9,36 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: api_encryption_key remoteRef: key: /cl01tl/sparkyfitness/key - property: api_encryption_key + property: api-encryption-key - secretKey: better_auth_secret remoteRef: key: /cl01tl/sparkyfitness/key - property: better_auth_secret + property: better-auth-secret --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: sparkyfitness-oidc-secret + name: sparkyfitness-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: sparkyfitness-oidc-secret + app.kubernetes.io/name: sparkyfitness-oidc-authentik {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: client_id remoteRef: - key: /authentik/oidc/sparkyfitness + key: /cl01tl/authentik/oidc/sparkyfitness property: client - secretKey: client_secret remoteRef: - key: /authentik/oidc/sparkyfitness + key: /cl01tl/authentik/oidc/sparkyfitness property: secret diff --git a/clusters/cl01tl/helm/sparkyfitness/values.yaml b/clusters/cl01tl/helm/sparkyfitness/values.yaml index 13b71c175..31c1f724c 100644 --- a/clusters/cl01tl/helm/sparkyfitness/values.yaml +++ b/clusters/cl01tl/helm/sparkyfitness/values.yaml @@ -10,7 +10,7 @@ sparkyfitness: issuerUrl: https://authentik.alexlebens.net/application/o/sparky-fitness logoUrl: https://cdn.jsdelivr.net/gh/selfhst/icons@main/webp/authentik.webp secrets: - existingSecret: sparkyfitness-oidc-secret + existingSecret: sparkyfitness-oidc-authentik httpRoute: enabled: true hostname: sparkyfitness.alexlebens.net diff --git a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml index 672c3369a..e8816b691 100644 --- a/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml +++ b/clusters/cl01tl/helm/stalwart/templates/elasticsearch.yaml 
@@ -11,7 +11,7 @@ spec: version: 9.3.3 auth: fileRealm: - - secretName: stalwart-elasticsearch-secret + - secretName: stalwart-elasticsearch-config nodeSets: - name: default count: 2 diff --git a/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml b/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml index 31cfd9583..b344d835e 100644 --- a/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/stalwart/templates/external-secret.yaml @@ -1,15 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: stalwart-elasticsearch-secret + name: stalwart-elasticsearch-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: stalwart-elasticsearch-secret + app.kubernetes.io/name: stalwart-elasticsearch-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: username remoteRef: diff --git a/clusters/cl01tl/helm/stalwart/templates/namespace.yaml b/clusters/cl01tl/helm/stalwart/templates/namespace.yaml index c573f079f..bbbe36926 100644 --- a/clusters/cl01tl/helm/stalwart/templates/namespace.yaml +++ b/clusters/cl01tl/helm/stalwart/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: stalwart + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: stalwart + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml b/clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml index 18539044b..0c7f3393c 100644 --- a/clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/templates/external-secrets.yaml 
@@ -9,13 +9,13 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: client_id remoteRef: - key: /tailscale/k8s-operator - property: clientId + key: /tailscale/credentials/k8s-operator + property: client-id - secretKey: client_secret remoteRef: - key: /tailscale/k8s-operator - property: clientSecret + key: /tailscale/credentials/k8s-operator + property: client-secret diff --git a/clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml b/clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml index 166afd7cc..bbbe36926 100644 --- a/clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml +++ b/clusters/cl01tl/helm/tailscale-operator/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: tailscale-operator + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tailscale-operator + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/talos/templates/external-secret.yaml b/clusters/cl01tl/helm/talos/templates/external-secret.yaml index aff367831..77d47b660 100644 --- a/clusters/cl01tl/helm/talos/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/talos/templates/external-secret.yaml @@ -1,15 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: talos-etcd-backup-local-secret + name: talos-etcd-backup-local-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: talos-etcd-backup-local-secret + app.kubernetes.io/name: talos-etcd-backup-local-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: 
@@ -19,14 +19,10 @@ spec: remoteRef: key: /garage/home-infra/talos-backups property: ACCESS_SECRET_KEY - - secretKey: .s3cfg - remoteRef: - key: /garage/home-infra/talos-backups - property: s3cfg-local - secretKey: BUCKET remoteRef: key: /garage/home-infra/talos-backups - property: BUCKET + property: BUCKET_PATH - secretKey: AGE_X25519_PUBLIC_KEY remoteRef: key: /cl01tl/talos/etcd-backup @@ -36,15 +32,15 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: talos-etcd-backup-remote-secret + name: talos-etcd-backup-remote-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: talos-etcd-backup-remote-secret + app.kubernetes.io/name: talos-etcd-backup-remote-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: @@ -54,14 +50,10 @@ spec: remoteRef: key: /garage/home-infra/talos-backups property: ACCESS_SECRET_KEY - - secretKey: .s3cfg - remoteRef: - key: /garage/home-infra/talos-backups - property: s3cfg-remote - secretKey: BUCKET remoteRef: key: /garage/home-infra/talos-backups - property: BUCKET + property: BUCKET_PATH - secretKey: AGE_X25519_PUBLIC_KEY remoteRef: key: /cl01tl/talos/etcd-backup 
@@ -71,32 +63,28 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: talos-etcd-backup-external-secret + name: talos-etcd-backup-external-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: talos-etcd-backup-external-secret + app.kubernetes.io/name: talos-etcd-backup-external-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: AWS_ACCESS_KEY_ID remoteRef: - key: /digital-ocean/home-infra/etcd-backup + key: /digital-ocean/home-infra/talos-backups property: AWS_ACCESS_KEY_ID - secretKey: AWS_SECRET_ACCESS_KEY remoteRef: - key: /digital-ocean/home-infra/etcd-backup + key: /digital-ocean/home-infra/talos-backups property: AWS_SECRET_ACCESS_KEY - - secretKey: .s3cfg - remoteRef: - key: /digital-ocean/home-infra/etcd-backup - property: s3cfg - secretKey: BUCKET remoteRef: - key: /digital-ocean/home-infra/etcd-backup - property: BUCKET + key: /digital-ocean/home-infra/talos-backups + property: BUCKET_PATH - secretKey: AGE_X25519_PUBLIC_KEY remoteRef: key: /cl01tl/talos/etcd-backup 
@@ -106,44 +94,25 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: talos-backup-ntfy-secret + name: talos-ntfy-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: talos-backup-ntfy-secret + app.kubernetes.io/name: talos-ntfy-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: NTFY_TOKEN remoteRef: - key: /ntfy/user/cl01tl + key: /cl01tl/ntfy/users/cl01tl property: token - secretKey: NTFY_ENDPOINT remoteRef: - key: /ntfy/user/cl01tl - property: endpoint + key: /cl01tl/ntfy/config + property: internal-endpoint - secretKey: NTFY_TOPIC remoteRef: - key: /cl01tl/talos/etcd-backup - property: NTFY_TOPIC - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: talos-etcd-defrag-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: talos-etcd-defrag-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: config - remoteRef: - key: /cl01tl/talos/etcd-defrag - property: config + key: /cl01tl/talos/ntfy + property: topic diff --git a/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml new file mode 100644 index 000000000..f3d7c0ca0 --- /dev/null +++ b/clusters/cl01tl/helm/talos/templates/secret-provider-class.yaml 
@@ -0,0 +1,78 @@ +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: talos-etcd-backup-local-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: talos-etcd-backup-local-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: slskd + objects: | + - objectName: .s3cfg + fileName: .s3cfg + secretPath: secret/data/garage/home-infra/talos-backups + secretKey: s3cfg-local + +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: talos-etcd-backup-remote-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: talos-etcd-backup-remote-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: slskd + objects: | + - objectName: .s3cfg + fileName: .s3cfg + secretPath: secret/data/garage/home-infra/talos-backups + secretKey: s3cfg-remote + +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: talos-etcd-backup-external-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: talos-etcd-backup-external-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: slskd + objects: | + - objectName: .s3cfg + fileName: .s3cfg + secretPath: secret/data/digital-ocean/home-infra/talos-backups + secretKey: s3cfg + +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: talos-etcd-defrag-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: talos-etcd-defrag-config + {{- include "custom.labels" . 
| nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: slskd + objects: | + - objectName: config + fileName: config + secretPath: secret/data/cl01tl/talos/talosconfig + secretKey: config diff --git a/clusters/cl01tl/helm/talos/values.yaml b/clusters/cl01tl/helm/talos/values.yaml index ee9f3b707..a704768bc 100644 --- a/clusters/cl01tl/helm/talos/values.yaml +++ b/clusters/cl01tl/helm/talos/values.yaml @@ -37,12 +37,12 @@ etcd-backup: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: talos-etcd-backup-local-secret + name: talos-etcd-backup-local-config key: AWS_ACCESS_KEY_ID - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: talos-etcd-backup-local-secret + name: talos-etcd-backup-local-config key: AWS_SECRET_ACCESS_KEY - name: AWS_REGION value: us-east-1 @@ -57,7 +57,7 @@ etcd-backup: - name: AGE_X25519_PUBLIC_KEY valueFrom: secretKeyRef: - name: talos-etcd-backup-local-secret + name: talos-etcd-backup-local-config key: AGE_X25519_PUBLIC_KEY - name: USE_PATH_STYLE value: "false" @@ -72,9 +72,9 @@ etcd-backup: - /scripts/prune.sh envFrom: - secretRef: - name: talos-etcd-backup-local-secret + name: talos-etcd-backup-local-config - secretRef: - name: talos-backup-ntfy-secret + name: talos-ntfy-config env: - name: TARGET value: Local @@ -117,12 +117,12 @@ etcd-backup: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: talos-etcd-backup-remote-secret + name: talos-etcd-backup-remote-config key: AWS_ACCESS_KEY_ID - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: talos-etcd-backup-remote-secret + name: talos-etcd-backup-remote-config key: AWS_SECRET_ACCESS_KEY - name: AWS_REGION value: us-east-1 @@ -137,7 +137,7 @@ etcd-backup: - name: AGE_X25519_PUBLIC_KEY valueFrom: secretKeyRef: - name: talos-etcd-backup-remote-secret + name: talos-etcd-backup-remote-config key: AGE_X25519_PUBLIC_KEY - name: USE_PATH_STYLE value: "false" 
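Review bot: All four SecretProviderClass objects in the new talos secret-provider-class.yaml set `roleName: slskd`, which looks copied from another chart. Either the talos pods authenticate to OpenBao under slskd's role, or that role has to be widened to read `secret/data/cl01tl/talos/talosconfig` and the backup `.s3cfg` entries; both outcomes undercut per-application least privilege. A role dedicated to this chart, `roleName: <talos-role>` (placeholder, the real role name is not on the page), bound only to the service accounts of the etcd-backup and etcd-defrag pods, would keep the talosconfig out of reach of unrelated workloads. `baoAddress: "http://openbao-internal.openbao:8200"` also means the login token and the secret contents cross the pod network unencrypted; if the internal listener offers TLS, an `https://` address is preferable.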
@@ -152,9 +152,9 @@ etcd-backup: - /scripts/prune.sh envFrom: - secretRef: - name: talos-etcd-backup-remote-secret + name: talos-etcd-backup-remote-config - secretRef: - name: talos-backup-ntfy-secret + name: talos-ntfy-config env: - name: TARGET value: Remote @@ -197,12 +197,12 @@ etcd-backup: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: talos-etcd-backup-external-secret + name: talos-etcd-backup-external-config key: AWS_ACCESS_KEY_ID - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: talos-etcd-backup-external-secret + name: talos-etcd-backup-external-config key: AWS_SECRET_ACCESS_KEY - name: AWS_REGION value: nyc3 @@ -217,7 +217,7 @@ etcd-backup: - name: AGE_X25519_PUBLIC_KEY valueFrom: secretKeyRef: - name: talos-etcd-backup-external-secret + name: talos-etcd-backup-external-config key: AGE_X25519_PUBLIC_KEY - name: USE_PATH_STYLE value: "false" @@ -232,9 +232,9 @@ etcd-backup: - /scripts/prune.sh envFrom: - secretRef: - name: talos-etcd-backup-external-secret + name: talos-etcd-backup-external-config - secretRef: - name: talos-backup-ntfy-secret + name: talos-ntfy-config env: - name: TARGET value: External @@ -280,9 +280,13 @@ etcd-backup: - path: /scripts/prune.sh subPath: prune.sh s3cmd-config-local: - enabled: true - type: secret - name: talos-etcd-backup-local-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: talos-etcd-backup-local-config advancedMounts: local: s3-prune: @@ -291,9 +295,13 @@ etcd-backup: mountPropagation: None subPath: .s3cfg s3cmd-config-remote: - enabled: true - type: secret - name: talos-etcd-backup-remote-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: talos-etcd-backup-remote-config advancedMounts: remote: s3-prune: 
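Review bot: Switching `s3cmd-config-local` from `type: secret` to a `secrets-store.csi.k8s.io` CSI volume in the `@@ -280,9 +280,13 @@` hunk (and likewise in the `-291`, `-302` and etcd-defrag `-449` hunks) makes pod start depend on OpenBao answering at mount time, whereas the previous Secret-backed volume was served from the API server. For etcd backup and prune jobs that coupling matters, since they are most needed when in-cluster services may be degraded; whether OpenBao runs on this same cluster is not visible here. I would at least document it above each volume, e.g. `# CSI mount: pod start fails if OpenBao is unreachable or sealed`, and make sure failed backup jobs raise an alert. The mounts keep `subPath: .s3cfg`, so that name has to keep matching `fileName` in the SecretProviderClass; the persistence block itself starts outside the hunk.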
@@ -302,9 +310,13 @@ etcd-backup: mountPropagation: None subPath: .s3cfg s3cmd-config-external: - enabled: true - type: secret - name: talos-etcd-backup-external-secret + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: talos-etcd-backup-external-config advancedMounts: external: s3-prune: @@ -312,7 +324,7 @@ etcd-backup: readOnly: true mountPropagation: None subPath: .s3cfg - tmp-local: + tmp: type: emptyDir medium: Memory advancedMounts: @@ -320,23 +332,15 @@ etcd-backup: backup: - path: /tmp readOnly: false - tmp-remote: - type: emptyDir - medium: Memory - advancedMounts: remote: backup: - path: /tmp readOnly: false - tmp-external: - type: emptyDir - medium: Memory - advancedMounts: external: backup: - path: /tmp readOnly: false - talos-local: + talos: type: emptyDir medium: Memory advancedMounts: @@ -344,18 +348,10 @@ etcd-backup: backup: - path: /.talos readOnly: false - talos-remote: - type: emptyDir - medium: Memory - advancedMounts: remote: backup: - path: /.talos readOnly: false - talos-external: - type: emptyDir - medium: Memory - advancedMounts: external: backup: - path: /.talos 
@@ -449,36 +445,24 @@ etcd-defrag: - name: TALOSCONFIG value: /tmp/.talos/config persistence: - talos-config-1: - enabled: true - type: secret - name: talos-etcd-defrag-secret + config: + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: talos-etcd-defrag-config advancedMounts: defrag-1: main: - - path: /tmp/.talos/config + - path: /tmp/.talos/ readOnly: true - mountPropagation: None - subPath: config - talos-config-2: - enabled: true - type: secret - name: talos-etcd-defrag-secret - advancedMounts: defrag-2: main: - - path: /tmp/.talos/config + - path: /tmp/.talos/ readOnly: true - mountPropagation: None - subPath: config - talos-config-3: - enabled: true - type: secret - name: talos-etcd-defrag-secret - advancedMounts: defrag-3: main: - - path: /tmp/.talos/config + - path: /tmp/.talos/ readOnly: true - mountPropagation: None - subPath: config -- 2.49.1 From e1b98ccd3c2a1cb3cd56c9d2ab16a7ae0de6c35f Mon Sep 17 00:00:00 2001 
From: Alex Lebens Date: Thu, 23 Apr 2026 17:25:56 -0500 Subject: [PATCH 12/12] feat: add more --- .../templates/external-secret.yaml | 6 +- .../templates/external-secret.yaml | 6 +- .../helm/talos/templates/external-secret.yaml | 4 +- clusters/cl01tl/helm/talos/values.yaml | 6 +- .../cl01tl/helm/tdarr/templates/_helpers.tpl | 7 + .../templates/persistent-volume-claim.yaml | 6 +- .../tdarr/templates/persistent-volume.yaml | 4 +- .../helm/traefik/templates/namespace.yaml | 4 +- .../helm/tubearchivist/templates/_helpers.tpl | 10 + .../templates/elasticsearch.yaml | 6 +- .../templates/external-secret.yaml | 52 +++--- .../tubearchivist/templates/namespace.yaml | 4 +- .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- .../cl01tl/helm/tubearchivist/values.yaml | 18 +- .../helm/unpackerr/templates/_helpers.tpl | 7 + .../unpackerr/templates/external-secret.yaml | 22 +-- .../templates/persistent-volume-claim.yaml | 6 +- .../templates/persistent-volume.yaml | 4 +- clusters/cl01tl/helm/unpackerr/values.yaml | 2 +- .../unpoller/templates/external-secret.yaml | 10 +- .../helm/vault/templates/external-secret.yaml | 172 +++++++----------- .../templates/secret-provider-class.yaml | 58 ++++++ clusters/cl01tl/helm/vault/values.yaml | 56 ++++-- clusters/cl01tl/helm/vaultwarden/Chart.yaml | 2 +- .../templates/external-secret.yaml | 14 +- clusters/cl01tl/helm/vaultwarden/values.yaml | 8 +- .../yamtrack/templates/external-secret.yaml | 14 +- clusters/cl01tl/helm/yamtrack/values.yaml | 4 +- 29 files changed, 293 insertions(+), 229 deletions(-) create mode 100644 clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml diff --git a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml index 9ecb730d3..a6ac7e692 100644 --- a/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml 
+++ b/clusters/cl01tl/helm/audiobookshelf/templates/external-secret.yaml @@ -15,9 +15,13 @@ spec: mergePolicy: Merge engineVersion: v2 data: - ntfy-url: "{{ `{{ .endpoint }}` }}/audiobookshelf" + ntfy-url: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}" data: - secretKey: endpoint remoteRef: key: /cl01tl/ntfy/users/cl01tl property: internal-endpoint-credential + - secretKey: topic + remoteRef: + key: /cl01tl/ntfy/topics + property: audiobookshelf diff --git a/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml b/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml index e7f624514..6ce5e9896 100644 --- a/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/qbittorrent/templates/external-secret.yaml @@ -15,12 +15,16 @@ spec: mergePolicy: Merge engineVersion: v2 data: - ntfy-url: "{{ `{{ .endpoint }}` }}/qbit-manage" + ntfy-url: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}" data: - secretKey: endpoint remoteRef: key: /cl01tl/ntfy/users/cl01tl property: internal-endpoint-credential + - secretKey: topic + remoteRef: + key: /cl01tl/ntfy/topics + property: qbit-manage --- apiVersion: external-secrets.io/v1 diff --git a/clusters/cl01tl/helm/talos/templates/external-secret.yaml b/clusters/cl01tl/helm/talos/templates/external-secret.yaml index 77d47b660..f319406c2 100644 --- a/clusters/cl01tl/helm/talos/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/talos/templates/external-secret.yaml @@ -114,5 +114,5 @@ spec: property: internal-endpoint - secretKey: NTFY_TOPIC remoteRef: - key: /cl01tl/talos/ntfy - property: topic + key: /cl01tl/ntfy/topics + property: talos diff --git a/clusters/cl01tl/helm/talos/values.yaml b/clusters/cl01tl/helm/talos/values.yaml index a704768bc..925e9ce20 100644 --- a/clusters/cl01tl/helm/talos/values.yaml +++ b/clusters/cl01tl/helm/talos/values.yaml 
@@ -279,7 +279,7 @@ etcd-backup: s3-prune: - path: /scripts/prune.sh subPath: prune.sh - s3cmd-config-local: + etcd-backup-local-config: type: custom volumeSpec: csi: @@ -294,7 +294,7 @@ etcd-backup: readOnly: true mountPropagation: None subPath: .s3cfg - s3cmd-config-remote: + etcd-backup-remote-config: type: custom volumeSpec: csi: @@ -309,7 +309,7 @@ etcd-backup: readOnly: true mountPropagation: None subPath: .s3cfg - s3cmd-config-external: + etcd-backup-external-config: type: custom volumeSpec: csi: diff --git a/clusters/cl01tl/helm/tdarr/templates/_helpers.tpl b/clusters/cl01tl/helm/tdarr/templates/_helpers.tpl index 10688fcef..dc9e48d49 100644 --- a/clusters/cl01tl/helm/tdarr/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/tdarr/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +tdarr-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml index 4b76fae0b..7652a28b7 100644 --- a/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/tdarr/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: tdarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tdarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: tdarr-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml index 7417aefd8..7ce8d62aa 100644 
--- a/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/tdarr/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: tdarr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tdarr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/traefik/templates/namespace.yaml b/clusters/cl01tl/helm/traefik/templates/namespace.yaml index a053774e0..bbbe36926 100644 --- a/clusters/cl01tl/helm/traefik/templates/namespace.yaml +++ b/clusters/cl01tl/helm/traefik/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: traefik + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: traefik + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/tubearchivist/templates/_helpers.tpl b/clusters/cl01tl/helm/tubearchivist/templates/_helpers.tpl index 10688fcef..7e116efdd 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/tubearchivist/templates/_helpers.tpl @@ -12,3 +12,13 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +tubearchivist-nfs-storage +{{- end -}} +{{- define "custom.storageSnapshotNfsName" -}} +tubearchivist-snapshot-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml b/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml index 1836d11ba..4087eb4d0 100644 
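Review bot: The `pod-security.kubernetes.io/enforce: privileged` and `audit: privileged` labels in the traefik `namespace.yaml` hunk now attach to whichever namespace the release targets, because `metadata.name` became `{{ .Release.Namespace }}` instead of the fixed `traefik`. Depending on how the manifests are applied, a release pointed at the wrong namespace would relax Pod Security admission there rather than fail. A guard at the top of the template keeps the privileged exemption pinned to the intended namespace: `{{- if ne .Release.Namespace "traefik" }}{{ fail "traefik chart must be installed in the traefik namespace" }}{{ end }}`. The tubearchivist `namespace.yaml` hunk further down makes the same change and would take the same guard with its own name.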
--- a/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/elasticsearch.yaml @@ -11,7 +11,7 @@ spec: version: 9.3.3 auth: fileRealm: - - secretName: tubearchivist-elasticsearch-secret + - secretName: tubearchivist-elasticsearch-config nodeSets: - name: default count: 2 @@ -21,14 +21,14 @@ spec: podTemplate: spec: volumes: - - name: tubearchivist-snapshot-nfs-storage + - name: {{ include "custom.storageSnapshotNfsName" . }} nfs: path: /volume2/Storage/TubeArchivist server: synologybond.alexlebens.net containers: - name: elasticsearch volumeMounts: - - name: tubearchivist-snapshot-nfs-storage + - name: {{ include "custom.storageSnapshotNfsName" . }} mountPath: /usr/share/elasticsearch/data/snapshot volumeClaimTemplates: - metadata: diff --git a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml index a1ff4fb23..913a05819 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/external-secret.yaml 
@@ -1,38 +1,38 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tubearchivist-config-secret + name: tubearchivist-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tubearchivist-config-secret + app.kubernetes.io/name: tubearchivist-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ELASTIC_PASSWORD remoteRef: - key: /cl01tl/tubearchivist/env - property: ELASTIC_PASSWORD + key: /cl01tl/tubearchivist/elasticsearch + property: password - secretKey: TA_PASSWORD remoteRef: - key: /cl01tl/tubearchivist/env - property: TA_PASSWORD + key: /cl01tl/tubearchivist/config + property: password --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tubearchivist-elasticsearch-secret + name: tubearchivist-elasticsearch-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tubearchivist-elasticsearch-secret + app.kubernetes.io/name: tubearchivist-elasticsearch-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: username remoteRef: 
@@ -51,29 +51,29 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: tubearchivist-wireguard-conf + name: protonvpn-wireguard-conf namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tubearchivist-wireguard-conf + app.kubernetes.io/name: protonvpn-wireguard-conf {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: + - secretKey: conf + remoteRef: + key: /protonvpn/config + property: conf + - secretKey: email + remoteRef: + key: /protonvpn/config + property: email + - secretKey: password + remoteRef: + key: /protonvpn/config + property: password - secretKey: private-key remoteRef: - key: /airvpn/conf/cl01tl + key: /protonvpn/config property: private-key - - secretKey: preshared-key - remoteRef: - key: /airvpn/conf/cl01tl - property: preshared-key - - secretKey: addresses - remoteRef: - key: /airvpn/conf/cl01tl - property: addresses - - secretKey: input-ports - remoteRef: - key: /airvpn/conf/cl01tl - property: input-ports diff --git a/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml b/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml index d5f39b622..bbbe36926 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/namespace.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: Namespace metadata: - name: tubearchivist + name: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tubearchivist + app.kubernetes.io/name: {{ .Release.Namespace }} {{- include "custom.labels" . | nindent 4 }} pod-security.kubernetes.io/audit: privileged pod-security.kubernetes.io/enforce: privileged diff --git a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml index 831e2ac58..7652a28b7 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml 
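Review bot: The `protonvpn-wireguard-conf` ExternalSecret now syncs `conf`, `email` and `password` from `/protonvpn/config` alongside `private-key`, but the only consumer visible in this patch, the `WIREGUARD_PRIVATE_KEY` `secretKeyRef` in `tubearchivist/values.yaml`, reads `private-key` alone. Copying the VPN account e-mail and password into a namespaced Secret exposes them to every principal that can read Secrets in that namespace, for no visible benefit. Unless a consumer outside this patch needs them, drop the `conf`, `email` and `password` entries so the Secret carries only `private-key`. The source path also moved from the cluster-specific `/airvpn/conf/cl01tl` to a shared `/protonvpn/config`, so it is worth confirming that the store policy for this path is still scoped to the workloads that need it.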
+++ b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume-claim.yaml @@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: tubearchivist-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tubearchivist-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: tubearchivist-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml index c0946d4ed..f537e7401 100644 --- a/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/tubearchivist/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: tubearchivist-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: tubearchivist-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/tubearchivist/values.yaml b/clusters/cl01tl/helm/tubearchivist/values.yaml index f71d06a66..109096d2f 100644 --- a/clusters/cl01tl/helm/tubearchivist/values.yaml +++ b/clusters/cl01tl/helm/tubearchivist/values.yaml @@ -34,7 +34,7 @@ tubearchivist: value: admin envFrom: - secretRef: - name: tubearchivist-config-secret + name: tubearchivist-config resources: requests: cpu: 10m 
@@ -53,26 +53,16 @@ tubearchivist: command: ["/bin/sh", "-c", "(ip rule del table 51820; ip -6 rule del table 51820) || true"] env: - name: VPN_SERVICE_PROVIDER - value: airvpn + value: protonvpn - name: VPN_TYPE value: wireguard - name: WIREGUARD_PRIVATE_KEY valueFrom: secretKeyRef: - name: tubearchivist-wireguard-conf + name: protonvpn-wireguard-conf key: private-key - - name: WIREGUARD_PRESHARED_KEY - valueFrom: - secretKeyRef: - name: tubearchivist-wireguard-conf - key: preshared-key - - name: WIREGUARD_ADDRESSES - valueFrom: - secretKeyRef: - name: tubearchivist-wireguard-conf - key: addresses - name: FIREWALL_OUTBOUND_SUBNETS - value: 10.0.0.0/8 + value: 192.168.1.0/24,10.244.0.0/16 - name: FIREWALL_INPUT_PORTS value: 80,8000,24000 - name: DNS_UPSTREAM_RESOLVER_TYPE diff --git a/clusters/cl01tl/helm/unpackerr/templates/_helpers.tpl b/clusters/cl01tl/helm/unpackerr/templates/_helpers.tpl index 10688fcef..7764bbd80 100644 --- a/clusters/cl01tl/helm/unpackerr/templates/_helpers.tpl +++ b/clusters/cl01tl/helm/unpackerr/templates/_helpers.tpl @@ -12,3 +12,10 @@ Selector labels app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/part-of: {{ .Release.Name }} {{- end }} + +{{/* +NFS names +*/}} +{{- define "custom.storageNfsName" -}} +unpackerr-nfs-storage +{{- end -}} diff --git a/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml b/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml index 16d085afd..21bf6b1ca 100644 --- a/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/unpackerr/templates/external-secret.yaml 
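Review bot: `FIREWALL_OUTBOUND_SUBNETS` goes from `10.0.0.0/8` to `192.168.1.0/24,10.244.0.0/16`, which adds a LAN range reachable outside the tunnel and drops the rest of 10/8 in the same edit, with nothing recording why. If the cluster's Service CIDR is not inside `10.244.0.0/16` (not visible here), connections from this pod to ClusterIP services such as the Elasticsearch endpoint may now be blocked or sent through the VPN. If `192.168.1.0/24` was added for the NFS storage, note that volume mounts are normally done by the node rather than from the pod's network namespace, so the allowance may be unnecessary. A comment above the variable naming each range, for example `# 10.244.0.0/16 = pod CIDR, 192.168.1.0/24 = LAN (reason)`, would make the intended exposure reviewable. The env list continues outside this hunk.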
@@ -1,45 +1,45 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: unpackerr-key-secret + name: unpackerr-key-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: unpackerr-key-secret + app.kubernetes.io/name: unpackerr-key-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: UN_SONARR_0_API_KEY remoteRef: - key: /cl01tl/sonarr4/key + key: /cl01tl/sonarr/key property: key - secretKey: UN_SONARR_1_API_KEY remoteRef: - key: /cl01tl/sonarr4-4k/key + key: /cl01tl/sonarr-4k/key property: key - secretKey: UN_SONARR_2_API_KEY remoteRef: - key: /cl01tl/sonarr4-anime/key + key: /cl01tl/sonarr-anime/key property: key - secretKey: UN_RADARR_0_API_KEY remoteRef: - key: /cl01tl/radarr5/key + key: /cl01tl/radarr/key property: key - secretKey: UN_RADARR_1_API_KEY remoteRef: - key: /cl01tl/radarr5-4k/key + key: /cl01tl/radarr-4k/key property: key - secretKey: UN_RADARR_2_API_KEY remoteRef: - key: /cl01tl/radarr5-anime/key + key: /cl01tl/radarr-anime/key property: key - secretKey: UN_RADARR_3_API_KEY remoteRef: - key: /cl01tl/radarr5-standup/key + key: /cl01tl/radarr-standup/key property: key - secretKey: UN_LIDARR_0_API_KEY remoteRef: - key: /cl01tl/lidarr2/key + key: /cl01tl/lidarr/key property: key diff --git a/clusters/cl01tl/helm/unpackerr/templates/persistent-volume-claim.yaml b/clusters/cl01tl/helm/unpackerr/templates/persistent-volume-claim.yaml index 5fb701984..7652a28b7 100644 --- a/clusters/cl01tl/helm/unpackerr/templates/persistent-volume-claim.yaml +++ b/clusters/cl01tl/helm/unpackerr/templates/persistent-volume-claim.yaml 
@@ -1,13 +1,13 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - name: unpackerr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: unpackerr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: - volumeName: unpackerr-nfs-storage + volumeName: {{ include "custom.storageNfsName" . }} storageClassName: nfs-client accessModes: - ReadWriteMany diff --git a/clusters/cl01tl/helm/unpackerr/templates/persistent-volume.yaml b/clusters/cl01tl/helm/unpackerr/templates/persistent-volume.yaml index d633dedd7..7ce8d62aa 100644 --- a/clusters/cl01tl/helm/unpackerr/templates/persistent-volume.yaml +++ b/clusters/cl01tl/helm/unpackerr/templates/persistent-volume.yaml @@ -1,10 +1,10 @@ apiVersion: v1 kind: PersistentVolume metadata: - name: unpackerr-nfs-storage + name: {{ include "custom.storageNfsName" . }} namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: unpackerr-nfs-storage + app.kubernetes.io/name: {{ include "custom.storageNfsName" . }} {{- include "custom.labels" . | nindent 4 }} spec: persistentVolumeReclaimPolicy: Retain diff --git a/clusters/cl01tl/helm/unpackerr/values.yaml b/clusters/cl01tl/helm/unpackerr/values.yaml index 89eed5252..aa89d2c83 100644 --- a/clusters/cl01tl/helm/unpackerr/values.yaml +++ b/clusters/cl01tl/helm/unpackerr/values.yaml @@ -52,7 +52,7 @@ unpackerr: value: /mnt/store/Torrent/FINISHED/COMPLETED envFrom: - secretRef: - name: unpackerr-key-secret + name: unpackerr-key-config resources: requests: cpu: 10m diff --git a/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml b/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml index 5eb1bb4b2..78b6aa20d 100644 --- a/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/unpoller/templates/external-secret.yaml 
@@ -1,21 +1,21 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: unpoller-unifi-secret + name: unpoller-unifi-credentials namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: unpoller-unifi-secret + app.kubernetes.io/name: unpoller-unifi-credentials {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: UP_UNIFI_CONTROLLER_0_USER remoteRef: - key: /unifi/auth/cl01tl + key: /unifi/users/cl01tl property: user - secretKey: UP_UNIFI_CONTROLLER_0_PASS remoteRef: - key: /unifi/auth/cl01tl + key: /unifi/users/cl01tl property: password diff --git a/clusters/cl01tl/helm/vault/templates/external-secret.yaml b/clusters/cl01tl/helm/vault/templates/external-secret.yaml index 1f6df90eb..7f133691e 100644 --- a/clusters/cl01tl/helm/vault/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/vault/templates/external-secret.yaml 
@@ -1,120 +1,81 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vault-snapshot-agent-token + name: vault-snapshot-agent-role namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: vault-snapshot-agent-token + app.kubernetes.io/name: vault-snapshot-agent-role {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: VAULT_APPROLE_ROLE_ID remoteRef: - key: /cl01tl/vault/snapshot - property: VAULT_APPROLE_ROLE_ID + key: /cl01tl/vault/role/snapshot + property: role-id - secretKey: VAULT_APPROLE_SECRET_ID remoteRef: - key: /cl01tl/vault/snapshot - property: VAULT_APPROLE_SECRET_ID + key: /cl01tl/vault/role/snapshot + property: secret-id --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vault-s3cmd-local-config + name: vault-backup-local-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: vault-s3cmd-local-config + app.kubernetes.io/name: vault-backup-local-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - - secretKey: .s3cfg - remoteRef: - key: /garage/home-infra/vault-backups - property: s3cfg-local - secretKey: BUCKET remoteRef: key: /garage/home-infra/vault-backups - property: BUCKET + property: BUCKET_PATH --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vault-s3cmd-remote-config + name: vault-backup-remote-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: vault-s3cmd-remote-config + app.kubernetes.io/name: vault-backup-remote-config {{- include "custom.labels" . 
| nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - - secretKey: .s3cfg - remoteRef: - key: /garage/home-infra/vault-backups - property: s3cfg-remote - secretKey: BUCKET remoteRef: key: /garage/home-infra/vault-backups - property: BUCKET + property: BUCKET_PATH --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vault-s3cmd-external-config + name: vault-backup-external-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: vault-s3cmd-external-config + app.kubernetes.io/name: vault-backup-external-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - - secretKey: .s3cfg - remoteRef: - key: /digital-ocean/home-infra/vault-backup - property: s3cfg - secretKey: BUCKET remoteRef: key: /digital-ocean/home-infra/vault-backup - property: BUCKET - ---- -apiVersion: external-secrets.io/v1 -kind: ExternalSecret -metadata: - name: vault-backup-ntfy-secret - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: vault-backup-ntfy-secret - {{- include "custom.labels" . | nindent 4 }} -spec: - secretStoreRef: - kind: ClusterSecretStore - name: vault - data: - - secretKey: NTFY_TOKEN - remoteRef: - key: /ntfy/user/cl01tl - property: token - - secretKey: NTFY_ENDPOINT - remoteRef: - key: /ntfy/user/cl01tl - property: endpoint - - secretKey: NTFY_TOPIC - remoteRef: - key: /cl01tl/vault/snapshot - property: NTFY_TOPIC + property: BUCKET_PATH --- apiVersion: external-secrets.io/v1 
@@ -128,24 +89,20 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/vault/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/vault/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/vault/unseal - property: TOKENS_1 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/vault/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-1 --- apiVersion: external-secrets.io/v1 @@ -159,24 +116,20 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/vault/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/vault/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/vault/unseal - property: TOKENS_2 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/vault/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-2 --- apiVersion: external-secrets.io/v1 
@@ -190,60 +143,73 @@ metadata: spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: ENVIRONMENT remoteRef: key: /cl01tl/vault/unseal - property: ENVIRONMENT + property: environment - secretKey: NODES remoteRef: key: /cl01tl/vault/unseal - property: NODES + property: nodes - secretKey: TOKENS remoteRef: key: /cl01tl/vault/unseal - property: TOKENS_3 - - secretKey: NOTIFY_QUEUE_URLS - remoteRef: - key: /cl01tl/vault/unseal - property: NOTIFY_QUEUE_URLS + property: tokens-3 --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vault-token + name: vault-ntfy-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: vault-token + app.kubernetes.io/name: vault-ntfy-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - - secretKey: token + - secretKey: NTFY_TOKEN remoteRef: - key: /cl01tl/vault/token + key: /ntfy/user/cl01tl property: token - - secretKey: unseal_key_1 + - secretKey: NTFY_ENDPOINT remoteRef: - key: /cl01tl/vault/token - property: unseal_key_1 - - secretKey: unseal_key_2 + key: /ntfy/user/cl01tl + property: endpoint + - secretKey: NTFY_TOPIC remoteRef: - key: /cl01tl/vault/token - property: unseal_key_2 - - secretKey: unseal_key_3 + key: /cl01tl/ntfy/topics + property: vault + +--- +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: vault-ntfy-unseal-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: vault-ntfy-unseal-config + {{- include "custom.labels" . 
| nindent 4 }} +spec: + secretStoreRef: + kind: ClusterSecretStore + name: openbao + target: + template: + mergePolicy: Merge + engineVersion: v2 + data: + NOTIFY_QUEUE_URLS: "{{ `{{ .endpoint }}` }}/{{ `{{ .topic }}` }}/?priority=4&tags=vault,unseal&title=Vault+Unsealed" + data: + - secretKey: endpoint remoteRef: - key: /cl01tl/vault/token - property: unseal_key_3 - - secretKey: unseal_key_4 + key: /cl01tl/ntfy/users/cl01tl + property: internal-endpoint-credential + - secretKey: topic remoteRef: - key: /cl01tl/vault/token - property: unseal_key_4 - - secretKey: unseal_key_5 - remoteRef: - key: /cl01tl/vault/token - property: unseal_key_5 + key: /cl01tl/ntfy/topics + property: vault diff --git a/clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml b/clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml new file mode 100644 index 000000000..97627ac01 --- /dev/null +++ b/clusters/cl01tl/helm/vault/templates/secret-provider-class.yaml 
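Review bot: `vault-ntfy-config` reads `NTFY_TOKEN` and `NTFY_ENDPOINT` from `/ntfy/user/cl01tl`, while the other ntfy references added in this patch (`vault-ntfy-unseal-config` in this same file, and the audiobookshelf and qbittorrent templates) use `/cl01tl/ntfy/users/cl01tl`. If the old path was not carried over to the `openbao` store, this ExternalSecret will not sync and the backup containers that `envFrom` it will be left without their notification settings. Pointing both entries at `key: /cl01tl/ntfy/users/cl01tl` would match the rest of the patch; the property names under that key are not visible here apart from `internal-endpoint-credential`, so they need checking against the store.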
@@ -0,0 +1,58 @@ +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: vault-backup-local-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: vault-backup-local-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: slskd + objects: | + - objectName: .s3cfg + fileName: .s3cfg + secretPath: secret/data/garage/home-infra/vault-backups + secretKey: s3cfg-local + +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: vault-backup-remote-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: vault-backup-remote-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: slskd + objects: | + - objectName: .s3cfg + fileName: .s3cfg + secretPath: secret/data/garage/home-infra/vault-backups + secretKey: s3cfg-remote + +--- +apiVersion: secrets-store.csi.x-k8s.io/v1 +kind: SecretProviderClass +metadata: + name: vault-backup-external-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: vault-backup-external-config + {{- include "custom.labels" . | nindent 4 }} +spec: + provider: openbao + parameters: + baoAddress: "http://openbao-internal.openbao:8200" + roleName: slskd + objects: | + - objectName: .s3cfg + fileName: .s3cfg + secretPath: secret/data/digital-ocean/home-infra/vault-backups + secretKey: s3cfg diff --git a/clusters/cl01tl/helm/vault/values.yaml b/clusters/cl01tl/helm/vault/values.yaml index ef58a705b..41cbb085d 100644 --- a/clusters/cl01tl/helm/vault/values.yaml +++ b/clusters/cl01tl/helm/vault/values.yaml 
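Review bot: All three SecretProviderClass objects set `roleName: slskd`, which looks copied from another chart, so the Vault backup pods would authenticate to OpenBao under a role meant for a different workload. Either the mount fails because that role is not bound to this chart's service account, or the slskd role has to be widened to read the backup `.s3cfg` paths, which breaks least privilege. A role scoped to these paths, e.g. `roleName: <vault-backup-role>` (placeholder, the real role name is not on the page), avoids both. Separately, the external class reads `secret/data/digital-ocean/home-infra/vault-backups` while the ExternalSecret in this chart reads `/digital-ocean/home-infra/vault-backup`; if the singular form is the real path, use `secretPath: secret/data/digital-ocean/home-infra/vault-backup`. `baoAddress` is plain `http://`, so the `.s3cfg` credentials cross the cluster network unencrypted unless a mesh or the CNI encrypts that hop.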
@@ -119,7 +119,7 @@ snapshot: - /scripts/snapshot.sh envFrom: - secretRef: - name: vault-snapshot-agent-token + name: vault-snapshot-agent-role env: - name: VAULT_ADDR value: http://vault-active.vault.svc.cluster.local:8200 @@ -135,12 +135,12 @@ snapshot: - /scripts/backup.sh envFrom: - secretRef: - name: vault-backup-ntfy-secret + name: vault-ntfy-config env: - name: BUCKET valueFrom: secretKeyRef: - name: vault-s3cmd-local-config + name: vault-backup-local-config key: BUCKET - name: TARGET value: Local @@ -155,12 +155,12 @@ snapshot: - /scripts/backup.sh envFrom: - secretRef: - name: vault-backup-ntfy-secret + name: vault-ntfy-config env: - name: BUCKET valueFrom: secretKeyRef: - name: vault-s3cmd-remote-config + name: vault-backup-remote-config key: BUCKET - name: TARGET value: Remote @@ -175,12 +175,12 @@ snapshot: - /scripts/backup.sh envFrom: - secretRef: - name: vault-backup-ntfy-secret + name: vault-ntfy-config env: - name: BUCKET valueFrom: secretKeyRef: - name: vault-s3cmd-external-config + name: vault-backup-external-config key: BUCKET - name: TARGET value: External @@ -211,10 +211,14 @@ snapshot: s3-backup-external: - path: /scripts/backup.sh subPath: backup.sh - s3cmd-local-config: - enabled: true - type: secret - name: vault-s3cmd-local-config + backup-local-config: + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: vault-backup-local-config advancedMounts: snapshot: s3-backup-local: @@ -222,10 +226,14 @@ snapshot: readOnly: true mountPropagation: None subPath: .s3cfg - s3cmd-remote-config: - enabled: true - type: secret - name: vault-s3cmd-remote-config + backup-remote-config: + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: vault-backup-remote-config advancedMounts: snapshot: s3-backup-remote: 
@@ -233,10 +241,14 @@ snapshot: readOnly: true mountPropagation: None subPath: .s3cfg - s3cmd-external-config: - enabled: true - type: secret - name: vault-s3cmd-external-config + backup-external-config: + type: custom + volumeSpec: + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: vault-backup-external-config advancedMounts: snapshot: s3-backup-external: @@ -276,6 +288,8 @@ unseal: envFrom: - secretRef: name: vault-unseal-config-1 + - secretRef: + name: vault-ntfy-unseal-config resources: requests: cpu: 1m @@ -292,6 +306,8 @@ unseal: envFrom: - secretRef: name: vault-unseal-config-2 + - secretRef: + name: vault-ntfy-unseal-config resources: requests: cpu: 1m @@ -308,6 +324,8 @@ unseal: envFrom: - secretRef: name: vault-unseal-config-3 + - secretRef: + name: vault-ntfy-unseal-config resources: requests: cpu: 1m diff --git a/clusters/cl01tl/helm/vaultwarden/Chart.yaml b/clusters/cl01tl/helm/vaultwarden/Chart.yaml index 60e0bada4..7d7aedcf9 100644 --- a/clusters/cl01tl/helm/vaultwarden/Chart.yaml +++ b/clusters/cl01tl/helm/vaultwarden/Chart.yaml @@ -5,7 +5,7 @@ description: Vaultwarden keywords: - vaultwarden - password-manager -home: https://docs.alexlebens.dev/applications/vault/ +home: https://docs.alexlebens.dev/applications/vaultwarden/ sources: - https://github.com/dani-garcia/vaultwarden - https://github.com/dani-garcia/vaultwarden/pkgs/container/vaultwarden diff --git a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml index 669c08ca3..b38ee3023 100644 --- a/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/vaultwarden/templates/external-secret.yaml 
@@ -1,21 +1,21 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: vaultwarden-oidc-secret + name: vaultwarden-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: vaultwarden-oidc-secret + app.kubernetes.io/name: vaultwarden-oidc-authentik {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - - secretKey: client + - secretKey: SSO_CLIENT_ID remoteRef: - key: /authentik/oidc/vaultwarden + key: /cl01tl/authentik/oidc/vaultwarden property: client - - secretKey: secret + - secretKey: SSO_CLIENT_SECRET remoteRef: - key: /authentik/oidc/vaultwarden + key: /cl01tl/authentik/oidc/vaultwarden property: secret diff --git a/clusters/cl01tl/helm/vaultwarden/values.yaml b/clusters/cl01tl/helm/vaultwarden/values.yaml index 860af6b09..24998f46e 100644 --- a/clusters/cl01tl/helm/vaultwarden/values.yaml +++ b/clusters/cl01tl/helm/vaultwarden/values.yaml @@ -32,13 +32,13 @@ vaultwarden: - name: SSO_CLIENT_ID valueFrom: secretKeyRef: - name: vaultwarden-oidc-secret - key: client + name: vaultwarden-oidc-authentik + key: SSO_CLIENT_ID - name: SSO_CLIENT_SECRET valueFrom: secretKeyRef: - name: vaultwarden-oidc-secret - key: secret + name: vaultwarden-oidc-authentik + key: SSO_CLIENT_SECRET resources: requests: cpu: 10m diff --git a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml index 8df459d64..6dff59587 100644 --- a/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml +++ b/clusters/cl01tl/helm/yamtrack/templates/external-secret.yaml 
@@ -1,15 +1,15 @@ apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: yamtrack-config-secret + name: yamtrack-config namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: yamtrack-config-secret + app.kubernetes.io/name: yamtrack-config {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: SECRET remoteRef: @@ -20,17 +20,17 @@ spec: apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: - name: yamtrack-oidc-secret + name: yamtrack-oidc-authentik namespace: {{ .Release.Namespace }} labels: - app.kubernetes.io/name: yamtrack-oidc-secret + app.kubernetes.io/name: yamtrack-oidc-authentik {{- include "custom.labels" . | nindent 4 }} spec: secretStoreRef: kind: ClusterSecretStore - name: vault + name: openbao data: - secretKey: SOCIALACCOUNT_PROVIDERS remoteRef: - key: /authentik/oidc/yamtrack + key: /cl01tl/authentik/oidc/yamtrack property: SOCIALACCOUNT_PROVIDERS diff --git a/clusters/cl01tl/helm/yamtrack/values.yaml b/clusters/cl01tl/helm/yamtrack/values.yaml index 07516c736..a9066e63b 100644 --- a/clusters/cl01tl/helm/yamtrack/values.yaml +++ b/clusters/cl01tl/helm/yamtrack/values.yaml @@ -21,12 +21,12 @@ yamtrack: - name: SOCIALACCOUNT_PROVIDERS valueFrom: secretKeyRef: - name: yamtrack-oidc-secret + name: yamtrack-oidc-authentik key: SOCIALACCOUNT_PROVIDERS - name: SECRET valueFrom: secretKeyRef: - name: yamtrack-config-secret + name: yamtrack-config key: SECRET - name: REDIS_URL value: redis://yamtrack-valkey.yamtrack:6379 -- 2.49.1