Compare commits
1 Commits
renovate/l
...
9a8d347509
| Author | SHA1 | Date | |
|---|---|---|---|
| 9a8d347509 |
38
README.md
38
README.md
@@ -45,41 +45,3 @@ The app-of-apps will bootstrap a fully featured cluster with the following compo
|
||||
todo
|
||||
|
||||
|
||||
|
||||
|
||||
### Status
|
||||
[](https://argocd.kluster.moll.re/applications/authelia-application)
|
||||
[](https://argocd.kluster.moll.re/applications/backup-application)
|
||||
[](https://argocd.kluster.moll.re/applications/external-application)
|
||||
[](https://argocd.kluster.moll.re/applications/external-dns-application)
|
||||
[](https://argocd.kluster.moll.re/applications/gitea-application)
|
||||
[](https://argocd.kluster.moll.re/applications/metallb-application)
|
||||
[](https://argocd.kluster.moll.re/applications/monitoring-application)
|
||||
[](https://argocd.kluster.moll.re/applications/nfs-provisioner-application)
|
||||
[](https://argocd.kluster.moll.re/applications/pg-ha-application)
|
||||
[](https://argocd.kluster.moll.re/applications/renovate-application)
|
||||
[](https://argocd.kluster.moll.re/applications/sealedsecrets-application)
|
||||
[](https://argocd.kluster.moll.re/applications/traefik-application)
|
||||
|
||||
|
||||
---
|
||||
[](https://argocd.kluster.moll.re/applications/adguard-application)
|
||||
[](https://argocd.kluster.moll.re/applications/audiobookshelf-application)
|
||||
[](https://argocd.kluster.moll.re/applications/code-server-application)
|
||||
[](https://argocd.kluster.moll.re/applications/files-application)
|
||||
[](https://argocd.kluster.moll.re/applications/finance-application)
|
||||
[](https://argocd.kluster.moll.re/applications/grafana-application)
|
||||
[](https://argocd.kluster.moll.re/applications/homeassistant-application)
|
||||
[](https://argocd.kluster.moll.re/applications/immich-application)
|
||||
[](https://argocd.kluster.moll.re/applications/kitchenowl-application)
|
||||
[](https://argocd.kluster.moll.re/applications/linkding-application)
|
||||
[](https://argocd.kluster.moll.re/applications/media-application)
|
||||
[](https://argocd.kluster.moll.re/applications/minecraft-application)
|
||||
[](https://argocd.kluster.moll.re/applications/ntfy-application)
|
||||
[](https://argocd.kluster.moll.re/applications/paperless-application)
|
||||
[](https://argocd.kluster.moll.re/applications/recipes-application)
|
||||
[](https://argocd.kluster.moll.re/applications/rss-application)
|
||||
---
|
||||
[](https://argocd.kluster.moll.re/applications/journal-application)
|
||||
[](https://argocd.kluster.moll.re/applications/physics-application)
|
||||
|
||||
|
||||
@@ -27,10 +27,7 @@ data:
|
||||
ratelimit_whitelist: []
|
||||
refuse_any: true
|
||||
upstream_dns:
|
||||
- tls://1.1.1.1
|
||||
- tls://dns.google
|
||||
- tls://p0.freedns.controld.com
|
||||
- tls://dns.quad9.net
|
||||
- https://dns10.quad9.net/dns-query
|
||||
upstream_dns_file: ""
|
||||
bootstrap_dns:
|
||||
- 9.9.9.10
|
||||
@@ -38,7 +35,8 @@ data:
|
||||
- 2620:fe::10
|
||||
- 2620:fe::fe:10
|
||||
fallback_dns: []
|
||||
upstream_mode: load_balance
|
||||
all_servers: false
|
||||
fastest_addr: false
|
||||
fastest_timeout: 1s
|
||||
allowed_clients: []
|
||||
disallowed_clients: []
|
||||
@@ -74,8 +72,6 @@ data:
|
||||
dns64_prefixes: []
|
||||
serve_http3: false
|
||||
use_http3_upstreams: false
|
||||
serve_plain_dns: true
|
||||
hostsfile_enabled: true
|
||||
tls:
|
||||
enabled: false
|
||||
server_name: ""
|
||||
@@ -92,14 +88,12 @@ data:
|
||||
private_key_path: ""
|
||||
strict_sni_check: false
|
||||
querylog:
|
||||
dir_path: ""
|
||||
ignored: []
|
||||
interval: 2160h
|
||||
size_memory: 1000
|
||||
enabled: true
|
||||
file_enabled: true
|
||||
statistics:
|
||||
dir_path: ""
|
||||
ignored: []
|
||||
interval: 24h
|
||||
enabled: true
|
||||
@@ -116,10 +110,6 @@ data:
|
||||
url: https://someonewhocares.org/hosts/zero/hosts
|
||||
name: Dan Pollock's List
|
||||
id: 1684963532
|
||||
- enabled: true
|
||||
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_3.txt
|
||||
name: Peter Lowe's Blocklist
|
||||
id: 1735824753
|
||||
whitelist_filters: []
|
||||
user_rules: []
|
||||
dhcp:
|
||||
@@ -144,36 +134,13 @@ data:
|
||||
blocking_ipv6: ""
|
||||
blocked_services:
|
||||
schedule:
|
||||
time_zone: Europe/Berlin
|
||||
sun:
|
||||
start: 18h
|
||||
end: 23h59m
|
||||
mon:
|
||||
start: 18h
|
||||
end: 23h59m
|
||||
tue:
|
||||
start: 18h
|
||||
end: 23h59m
|
||||
wed:
|
||||
start: 18h
|
||||
end: 23h59m
|
||||
thu:
|
||||
start: 18h
|
||||
end: 23h59m
|
||||
fri:
|
||||
start: 18h
|
||||
end: 23h59m
|
||||
sat:
|
||||
start: 18h
|
||||
end: 23h59m
|
||||
ids:
|
||||
- reddit
|
||||
time_zone: UTC
|
||||
ids: []
|
||||
protection_disabled_until: null
|
||||
safe_search:
|
||||
enabled: false
|
||||
bing: true
|
||||
duckduckgo: true
|
||||
ecosia: true
|
||||
google: true
|
||||
pixabay: true
|
||||
yandex: true
|
||||
@@ -182,13 +149,11 @@ data:
|
||||
parental_block_host: family-block.dns.adguard.com
|
||||
safebrowsing_block_host: standard-block.dns.adguard.com
|
||||
rewrites: []
|
||||
safe_fs_patterns:
|
||||
- /opt/adguardhome/data/userfilters/*
|
||||
safebrowsing_cache_size: 1048576
|
||||
safesearch_cache_size: 1048576
|
||||
parental_cache_size: 1048576
|
||||
cache_time: 30
|
||||
filters_update_interval: 168
|
||||
filters_update_interval: 24
|
||||
blocked_response_ttl: 10
|
||||
filtering_enabled: true
|
||||
parental_enabled: true
|
||||
@@ -203,7 +168,6 @@ data:
|
||||
hosts: true
|
||||
persistent: []
|
||||
log:
|
||||
enabled: true
|
||||
file: ""
|
||||
max_backups: 0
|
||||
max_size: 100
|
||||
@@ -215,4 +179,4 @@ data:
|
||||
group: ""
|
||||
user: ""
|
||||
rlimit_nofile: 0
|
||||
schema_version: 29
|
||||
schema_version: 27
|
||||
|
||||
@@ -10,7 +10,7 @@ resources:
|
||||
images:
|
||||
- name: adguard/adguardhome
|
||||
newName: adguard/adguardhome
|
||||
newTag: v0.107.64
|
||||
newTag: v0.107.55
|
||||
|
||||
namespace: adguard
|
||||
|
||||
|
||||
@@ -12,4 +12,4 @@ namespace: audiobookshelf
|
||||
images:
|
||||
- name: audiobookshelf
|
||||
newName: ghcr.io/advplyr/audiobookshelf
|
||||
newTag: "2.26.3"
|
||||
newTag: "2.17.5"
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: code-server
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: code-server
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: code-server
|
||||
spec:
|
||||
containers:
|
||||
- name: code-server
|
||||
image: code-server
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
env:
|
||||
- name: TZ
|
||||
value: Europe/Berlin
|
||||
- name: CONFIG_PATH
|
||||
value: /data/config
|
||||
- name: METADATA_PATH
|
||||
value: /data/metadata
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /home/coder
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: "100Mi"
|
||||
limits:
|
||||
cpu: "6"
|
||||
memory: "16Gi"
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: code-server-data
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: audiobookshelf-ingressroute
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`code.kluster.moll.re`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: code-server-web
|
||||
port: 8080
|
||||
|
||||
tls:
|
||||
certResolver: default-tls
|
||||
@@ -1,15 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
|
||||
namespace: code-server
|
||||
|
||||
images:
|
||||
- name: code-server
|
||||
newName: ghcr.io/coder/code-server
|
||||
newTag: 4.101.2-fedora
|
||||
@@ -1,11 +0,0 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: code-server-data
|
||||
spec:
|
||||
storageClassName: "nfs-client"
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
@@ -1,11 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: code-server-web
|
||||
spec:
|
||||
selector:
|
||||
app: code-server
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: 8080
|
||||
type: LoadBalancer
|
||||
@@ -13,4 +13,4 @@ namespace: files
|
||||
images:
|
||||
- name: ocis
|
||||
newName: owncloud/ocis
|
||||
newTag: "7.2.0"
|
||||
newTag: "5.0.9"
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -21,9 +21,6 @@ spec:
|
||||
env:
|
||||
- name: TZ
|
||||
value: Europe/Berlin
|
||||
envFrom:
|
||||
- secretRef:
|
||||
name: actualbudget-oidc
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
|
||||
@@ -9,9 +9,8 @@ resources:
|
||||
- actualbudget.deployment.yaml
|
||||
- actualbudget.service.yaml
|
||||
- actualbudget.ingress.yaml
|
||||
- oidc.sealedsecret.yaml
|
||||
|
||||
images:
|
||||
- name: actualbudget
|
||||
newName: actualbudget/actual-server
|
||||
newTag: 25.7.1
|
||||
newTag: 24.12.0
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: actualbudget-oidc
|
||||
namespace: finance
|
||||
spec:
|
||||
encryptedData:
|
||||
ACTUAL_OPENID_AUTH_METHOD: AgAhPqooAS/7R9S/X3KGfSfs3ClN38J9CEfkUTYAUvKGEehQ2Tz3thPNvhvnbz/gKRc7C172jgxoxaGMiVXi40Qa+I7Y8JVHefjoSd8NuubzQZU8ZK5KlYRgc5OnoPM3RLarHyZ2DFw5Q/ngv3sp1c5dSI4/604KSQPxVAFCnb/lnSkOsBggDRymWvYclx1NrLIClpLAFwHgCOm6g1kHCvtGIdBLxKOHsiRJm62+UyHt0GLkR0QFTDXBQxoBm9QR9kLjQqw/QqcOIVx1by0RHoHBI6HDEEIQVH3UgWqlMmIwm+a4KQeBEdEfWLn9YC8MGSdlQRlaZoi5ltFT2c/DWuMuRStnaOWbsMQVR+y6yJ2UNBe29uVQh6877iqfmAJvT6gXic73zI7Vkq6IFQ7veQPBaTi22HP/sxiElGI8rY0LtRHD4TctKSePaOPvsgrv8k8SpB5qYAft7UonbTPWzzRSSc4Y3Z4fQiD0x/uhtTqTTtukx39nzM2TjVGcJThWaxUGa07w1fjTafieFVwwreURBUpRK92X2NY3ovOdA9c1WrHfqIzVtpcnfQyCeA5D4XT2sBFk0+crwEm1GmtscjPkGnyctNMUSmkHd+QKw8EAmWxKge4+7rfOrZp5ZK7cBFJcB4gVQcxnm3bXr0qZyiA1udaxmSxVflQR2AjduvhKuE73AGPi0bJki5TvKJp6bavTotYfdMY=
|
||||
ACTUAL_OPENID_CLIENT_ID: AgA6X0uYaU1n4XSXVntmT4+NgahYkkMVx61OZP8ExnSMkRPlwQfErhNHrwKsTsnD8OzP3svhxBe5bwaI8O1OKF0k5pQWG0DbRfmBrwiep9nBsKPt+fQm0AJUsZ2sQNShusmsSEumBKbMD0CMPklVMq18tLpOIh/YaXM34lsOutW0SIx7HWWQsyLmoolEoRVdkKvDhoh3FXjKqzGYlr1uKuqYG7pJPsxEpsTs2pZTUIlB2gVcEqb/ZXxgkj01GDYzB519swIOfYdISj7oCR8VG90M9iDrgmxsPkWozMDxFjNo5JR2dB9wvP7ptFex8JonbZZXYZD7tE+36U8iys6Cjh6JGwr9luN1AxYYSkRrNWJd2CuID+8ujWptoTvRSO0RwiVVp5LhXe1l2GxLsS2UVtO+nbWH6DGMJei4DQ+LAxDXFR8FAvi7615cneN0umQfF4ZMUJirvxHA3tFN42tbnRmSCbLAZLNLhQq8VbRmkYOAN6LCzSKYlyhSyA3NM2HjRTFkXGUhOPL+3tPZJB4v0QlEhlhy1Ffxh2mbUXgmQ+ZHGUsBXEHfc/Gba6gJhsj6S2DkiAeZUW6euY5/v4vpveWsS+YS+BxH441//8mOJnrpsWrcQbM5yCk4WMnmpETy/VFEkc3dqYfVWHDfvwAeqjVfXAovXBmwOoCASG6qDf0P7FdeLFTHUNuahyNhBzhBAQ/yNpOkbzKTJFBWwnM=
|
||||
ACTUAL_OPENID_CLIENT_SECRET: AgAbJinP4E8rbGAw7BTfh/GB3XxQOfHiLFrgaikQbUIsmZu+Y6ktK7aJdcX2/g6yhHXX6z8p4xoYTaGgkpo8H0XWvUDT4ohqJVdJSWZgNx8MyzisVKi+51BEpslL4JvGo/ISjXT0hNeYGzFXlHnnr3LX+fuTVh3dKtk4t8nmR8SqaCCIyvKiBPmX/1QWo4Vrfw7OLpVlfGP0i3J7FrhjNgKMRWcQKQC4Ohk+NLHHghdtqzuFB8eKwcuBZmynKCVyblOhwZSL5WnyJPskWLMjNEizWuCubDdyHVY3ZqYLDe5dgoi7Gop5/xY7FEuEkmTL0g7LpKo4RkEKRLjsZwWtW+xN6HRRt7zGoUdIpo20ZnTtEH8C/qcxjHKUycFvzKLnk6ntq5rEdK2/MhBtMfd3a8pb4vpT9JNra1AWsB7zCUv4yc/FT0RpkL+1r1CVva4o+tzM8ojnm4o0ch6qsGb0IOYZvJx6sF7c6aj7c41YQK3ZrQF3bhhhEHYyWOBjy1V4T/GJPZ9CbhGG0PIsSvpW7d5pG5jNAwU/Xo6FL/vVUPwmSq/hCqYMSSSKNiMH/q/vzKyu5B5aQbNDAumzsLRqD/auJz8nAaUoLNBVHq+7zTs3wV7pEayY22teq/MN5PRtYOQLE5Ck60gv9Q70cfhgvTeK+eX4h9BbhfijCV/EiSYhLP7meeIpE80icdLUSkNROfW+0sf3RNbW5q3JX8PsW0h29VJgREJdlziLj2cCshe+ww==
|
||||
ACTUAL_OPENID_DISCOVERY_URL: AgAQVZX6r8SPkwwBR1dmUF/ahuZKkGSsU/GULe5PF7Nm75UadtjPb5aHAZjWE59MdV61DQZDa4KJz1/fW4xDUrJBuUElIRQH4oyMTQG12MSMauQpLd25SVU8ex2NYyerbd85j521FSxujP0l3941KGsENLt5wCx/idXu47txhAHgS81mj3CLfWzT5yyG+V1i48a24xK905v+ft5ZKuNLOxvVb6yZSBt1j/3egx49eB49CRk/dxYQtPpSw8Zb6KgaN+skjq5HTH/Neb4J92nlJ1aFPVKbFLbtxyIHDSoO35U8ODHEJVGKBbZjjfrrjCpmQYnZPEWN9s+xj2NAXZ7qANcJfbFEF/3bOiKZhc0jLM5MyhiMZoytn4FvGM8zxINC3z8zqaWJm1wiMXEUH3/FLUa2UWeHKQB14h0f5XGwytb3s/nPCoBnHhtOK1y4utJ2APsQhRsxySZjgYNRaRCarp8PntY7yB7VHYlv5Mitx+qBWcAUmcKp1I4NTnm1LORRGzIFcrJJKtQfqcW7GNuZDA3AiLGyOMVigcA93GnPbppor5BItE9FK/BKqrR4Bz31jXSO8S7pjhi3JxBIKEMmMZRVbyelJ9o7gTpqrBvO7KZ5v/L+mlE0J8D2LZoEWPqxfa/BE+QZfwIS3wDWQl1GTruaAM4u0bp4i9GkyK3hPVXnml3dNMElSG3GvNqHhhy1Boo1cHXHbQ5YzbkGgzL9fLkigVQCi0FKItyBxdGsui9U0OU5LNi0EGKBibs22mdDkp6f051GWeMidtSwz9j5
|
||||
ACTUAL_OPENID_SERVER_HOSTNAME: AgB+C31GqtPKbMifuTFYhwOgUwXph+RQYdnVQaVIaDiveE6Lydl/2HnTyFQIi2mhrbiCpDgegXuvGBoM7WHxlPepny5E66lY/cAdFaFDGMARqMXCRLVmvkt3U1IyNn9zPCPil0x+eAv2S/ETLm8Nj2OL9utxkdNBHub9xiGrE0d7qBeBfK1FNmainthYQUpnCsR7jowmmvYGuEyDwfG+suUooDdb5zaWmCJZRYk1jKD3zlu21N0sfciBJ/GpTdz/2V+NXqJJqs3r2zoB2GJPQ64pMuZHZ+yw8bYUkg7/QOHD2ofWmtzNOGGtiNRHAG8MtvF6ovc4Hgv5uu+4x413UP6pSIJsrHrXSHYP+mvu+ya3gNUn6YK2qymezrqbvUF/n7LoaDzTRqa0PmemtdskuABiwfqrdiOarxaWjomkXqnrBK6VkJ8PhOMDMv/j/c6zlXdhpnqlUyxMcjBjqicfNBWN8UByDIEw4D0rhibzOS4fIKjNHrmXHv39GNJsY90avhZqq42oTMJL0vcaj3v4pBZJdJ05TOvY7PQ/iUwnnczGqOtpAQtBKfCV2+PXp9o/64wOGc0Br322kSpzjIleWP9VWVgbqvwMjUGtlL+xTkCaOFpiYETxUim09c745WDc+YgU55rd5i/5t20wiKy7RSYnHvYOwvdjAlEgAnD0YZBXOQkL51nL9P+nOMAYBE0HiM1vYsd8R6h6Fk+G2gcs/2CLgwglqOtMwAm9A9+5qSqyMak6Z68=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: actualbudget-oidc
|
||||
namespace: finance
|
||||
@@ -1,17 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grafana-admin-secret
|
||||
namespace: grafana
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAU6g/CwKj+1gPpt4DLvLsS0YCvJdVHWw4W4bRhibE9brVvcJtGB3D9MTJrSLVVwusaE6OR59og7oW5ge3yTd/9bbclXYLrxEi7OwvkQjCvo8MfD8yhJO9nV4Xs9Mjk2Z4SHGYuq6wvcssuJrpz5f0XEC7ocTRA+u0UaE+/b4FrYF71uyKGvj8GSXgLZUjGPFsGfPzwJn7cLBmlclVHx1xGbFpUc042m5Mulpn0QolFQnOwZiW4PL8pQyz1MXVRwCsz0RJd5apZL3XJ4X7BLMoAp+diHQ2xi3zoU9VScp+J2QgvFdRKgDa6v7Jz1f+HCwq5W/DoegwFXBrcMIfF2YrnvTnc1PCVwD9IHOeylO7J2hfi8teQiqTvvRlVgdBTLqoqlVovemf5k6ke6JfjTwnsJjTNnL7MKN5Qt0o7N2XRZ3ba9jp8cKbI7fyFQKaU2QEf2PIkp82kEnixmpA1aATgeA3W4E5Km7sKHUEB81+pwnOe54tzD2ShgQX/+UiswhWYTT+gdZKL1udBBemUDC0z9PSJNTPTy+hq+G4CIzVQUYxlioM3c+3geF7YLU8yXisj84pk44GN9KX3z5x+M2+LZL7agAWPUjxtrP2V+id7dNJQfCm0aSMeo57dVfb4zlBUAAgKIKjX+j1KqCVqE9zEO2F/QX7mY6MJTP2me3wmY7JAVRJ7d6bbkyyoDhs8JErLYLp0A+Eh+qx8nWgM9ErPVSA0
|
||||
user: AgB8ZLG2EuERjg1nKdH/xadbUuIR2c8a9gF5fE8ctrp4DNDLLuuqmjyoHRiWpkrtfnE1yKg1rPP+asV9Lj5iVmE9J+OB3QUOeFS4MHciBNj7pa68zfFgnHP4kxMX6aXyKRQrYruYjHwfzCpOM1zyTEphuGlnokjQXxjF/mZsoM2NWn7WGReqfxqH95tJXfs9AUC5vVv/PHqd+KKRZH7+G1AnWVJ7RFQHedR7wyftO4/rkm8deMuZWtOLl25fAOyOr7+hSqT69s9/uTKSLJXjobSqtulqsR+v5lkwx2ThNKzmcEcuoenKG6lk8XLRSIscccZH3JTPh6IknQWUOC4nmYj+XUxE8Go0RX/4eL+D/6FrYrtp0gr3HOCLAGU4vAHMeKfJoyqykJVnvY6QY6bFgaziyOlWaoEHpg6g0vHHDwyX7HIDcQfJZGOLH9dhrWJ2sOkzyuuxfqWEgz/M2eBW4EUAudHwfTLPocSMUI+D6fjeciMojet5uxWMP7ZHh/E061f5+Vfk6CKYd9Kpi69Xah8KEyyHYP5NImkdIwjgllaEAd/FBE2+QJyTVZlUQC7y9ObagDMCUFaFbTS5QOLh5BOJDL5buEYFWG0IhoH47SC/pKeEOQH//uvoo27K9zvxTOQN1YOTrxCozmexMOsTIdhvU0dOnJDBrThSHKYLCeIokDOgUUT52FqDH51RoLoK3UkyGbMoq+M=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grafana-admin-secret
|
||||
namespace: grafana
|
||||
type: Opaque
|
||||
@@ -1,16 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grafana-auth
|
||||
namespace: grafana
|
||||
spec:
|
||||
encryptedData:
|
||||
client_secret: AgCEdC1/ERlPQyQP+bd9gcW33Yrvl4uRbx+RF5AY4vYAquOzxmLTygMl/WZlB5wlCE5idIHgto6/fUWVZrQbmfClRqsW2pFoddKQAtS9cQNXwMjLCm7e0lXk9GM9O3ZwktmklFbCu8XewHmefGHhoJ28vPxPMaINv1fM4zYKvNz5RHf0dJfTHgxb68wRYjAbE/eJpRcVE3a29Yw6Gfa8Mb+cFI7RTHvjuv9LBgWqM6b3qvvJ4wYR2WKuiQrnJ5xAtHpMAI/2R80qq151wlaZueDZ1PwjRBHURkmPTmwZnrMrmIugNge7Tpww+ArZlG9kDfSu1aTJidbXbcpN6fyt1qARTCYrBlbn60PTYLnPL/NObvMCpjS6DsYsYz7MJ7WoOupu46Ib5paZHmak+CilC6lb9LjJj4EKfRsagZmWT07JavhHBW/tqjB3GToccIz4fOAOdA9aU51J4wCL2ctp2SgzCEKe2EaBK/f9nDd9ASmmon9PDwRDVtG8yTukrNcZHNzodi09Af81DB0RNa36Z3Sjt5xu94paN+mjiOWGf2JduVEq+60NbPvDbPE9e1aVH3DdQcij2WGZaTE8dAGLSsLoOkIq3m2E+Mbk1Re1gI9H18xJM72ivb5uDe7pzReyvO5DY4Pfq8JgQhPxWcDq9ScmWS6Bb+jdCKytFq5NafSAl+akPbbwN+1GFu33if/P5D9I2TwOA8V1wyVU
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grafana-auth
|
||||
namespace: grafana
|
||||
type: Opaque
|
||||
@@ -14,7 +14,7 @@ spec:
|
||||
spec:
|
||||
containers:
|
||||
- name: homeassistant
|
||||
image: homeassistant
|
||||
image: homeassistant/home-assistant
|
||||
ports:
|
||||
- containerPort: 8123
|
||||
env:
|
||||
|
||||
@@ -13,6 +13,6 @@ resources:
|
||||
|
||||
|
||||
images:
|
||||
- name: homeassistant
|
||||
- name: homeassistant/home-assistant
|
||||
newName: homeassistant/home-assistant
|
||||
newTag: "2025.7"
|
||||
newTag: "2024.12"
|
||||
|
||||
@@ -1,39 +0,0 @@
|
||||
apiVersion: postgresql.cnpg.io/v1
|
||||
kind: Cluster
|
||||
metadata:
|
||||
name: immich-postgresql
|
||||
spec:
|
||||
instances: 1
|
||||
imageName: ghcr.io/tensorchord/cloudnative-vectorchord:16-0.3.0
|
||||
|
||||
bootstrap:
|
||||
initdb:
|
||||
owner: immich
|
||||
database: immich
|
||||
secret:
|
||||
name: postgres-password
|
||||
dataChecksums: true
|
||||
postInitApplicationSQL:
|
||||
- ALTER USER immich WITH SUPERUSER;
|
||||
- CREATE EXTENSION IF NOT EXISTS vchord CASCADE;
|
||||
- CREATE EXTENSION IF NOT EXISTS "cube";
|
||||
- CREATE EXTENSION IF NOT EXISTS "earthdistance";
|
||||
|
||||
postgresql:
|
||||
shared_preload_libraries:
|
||||
- "vchord.so"
|
||||
|
||||
storage:
|
||||
size: 5Gi
|
||||
storageClass: nfs-client
|
||||
|
||||
monitoring:
|
||||
enablePodMonitor: true
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 2
|
||||
memory: 1024Mi
|
||||
requests:
|
||||
cpu: 50m
|
||||
memory: 512Mi
|
||||
@@ -1,12 +1,11 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- ingress.yaml
|
||||
- pvc.yaml
|
||||
- immich.postgres.yaml
|
||||
- postgres.yaml
|
||||
- postgres.sealedsecret.yaml
|
||||
- servicemonitor.yaml
|
||||
|
||||
|
||||
namespace: immich
|
||||
@@ -15,20 +14,20 @@ namespace: immich
|
||||
helmCharts:
|
||||
- name: immich
|
||||
releaseName: immich
|
||||
version: 0.9.3
|
||||
version: 0.8.5
|
||||
valuesFile: values.yaml
|
||||
repo: https://immich-app.github.io/immich-charts
|
||||
|
||||
|
||||
images:
|
||||
- name: ghcr.io/immich-app/immich-machine-learning
|
||||
newTag: v1.136.0
|
||||
newTag: v1.122.2
|
||||
- name: ghcr.io/immich-app/immich-server
|
||||
newTag: v1.136.0
|
||||
newTag: v1.122.2
|
||||
|
||||
|
||||
patches:
|
||||
- path: patch-redis-pvc.yaml
|
||||
target:
|
||||
kind: StatefulSet
|
||||
name: immich-redis-master
|
||||
name: immich-redis-master
|
||||
@@ -1,10 +0,0 @@
|
||||
{
|
||||
"packageRules": [
|
||||
{
|
||||
"matchDatasources": ["docker"],
|
||||
"matchPackagePrefixes": ["ghcr.io/immich-app/"],
|
||||
"groupName": "Immich containers",
|
||||
"groupSlug": "immich-app-images"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -1,14 +0,0 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: immich-service-monitor
|
||||
spec:
|
||||
endpoints:
|
||||
- port: metrics-api
|
||||
scheme: http
|
||||
- port: metrics-ms
|
||||
scheme: http
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: server
|
||||
app.kubernetes.io/service: immich-server
|
||||
@@ -6,8 +6,8 @@
|
||||
|
||||
env:
|
||||
REDIS_HOSTNAME: '{{ printf "%s-redis-master" .Release.Name }}'
|
||||
DB_HOSTNAME: "immich-postgresql-rw"
|
||||
DB_USERNAME:
|
||||
DB_HOSTNAME: "immich-postgres-rw"
|
||||
DB_USERNAME:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: postgres-password
|
||||
@@ -37,6 +37,10 @@ immich:
|
||||
existingClaim: data
|
||||
|
||||
# Dependencies
|
||||
|
||||
postgresql:
|
||||
enabled: false
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
architecture: standalone
|
||||
@@ -56,7 +60,7 @@ machine-learning:
|
||||
persistence:
|
||||
cache:
|
||||
enabled: true
|
||||
size: 200Gi
|
||||
size: 10Gi
|
||||
# Optional: Set this to pvc to avoid downloading the ML models every start.
|
||||
type: emptyDir
|
||||
accessMode: ReadWriteMany
|
||||
|
||||
@@ -1,42 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: kitchenowl
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: kitchenowl
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: kitchenowl
|
||||
spec:
|
||||
containers:
|
||||
- name: kitchenowl
|
||||
image: kitchenowl
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
env:
|
||||
- name: TZ
|
||||
value: Europe/Berlin
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: kitchenowl-config
|
||||
- secretRef:
|
||||
name: kitchenowl-oauth
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
resources:
|
||||
requests:
|
||||
cpu: "50m"
|
||||
memory: "100Mi"
|
||||
limits:
|
||||
cpu: "100m"
|
||||
memory: "1Gi"
|
||||
volumes:
|
||||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: kitchenowl-data
|
||||
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: kitchenowl-ingressroute
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`kitchen.kluster.moll.re`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: kitchenowl-web
|
||||
port: 8080
|
||||
|
||||
tls:
|
||||
certResolver: default-tls
|
||||
@@ -1,7 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: kitchenowl-config
|
||||
data:
|
||||
FRONT_URL: https://kitchen.kluster.moll.re
|
||||
DISABLE_USERNAME_PASSWORD_LOGIN: "true"
|
||||
@@ -1,19 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: kitchenowl-oauth
|
||||
namespace: kitchenowl
|
||||
spec:
|
||||
encryptedData:
|
||||
JWT_SECRET_KEY: AgAclRIJS25ACVe4NqLQbAree6c6WpTBHnLpe3ZQJ0ScHG/EbW/ooABZj7y1ABAn/mCc+hBYXYHm81FNUfUtSuLKi2UlORbTCsfmisYH49WX0Lpku9LTM/8az9tjE0tjUUrJZcRUuJfdNJMDPQx7IPjUQ7sKk/exFnkPEbK98+AElXyHpPKXd9dxiCgll0n+ksbF9BDUR8KY8IB2Zvh4cXPww578qe/9XYnxLV8uY9K8KPvhl7NI40SIaL4PX8KmsDlBh1bpOR/OxhIwAGEZDQp/KROy6msrIOYW4SHM9nlSUSD4WvV8UjcbV1oNnYpE1usFOuxSfQlJ1zlFepKUv40JykyunvQv9nqVbEogsrS4o5N3gNEaB9yyFSHIlevp32LVpAuZu3cNplmT+Zg7+ODpCWIcVgmOAeapvB+X7H4ScbKVcYLAzrRFDtnS4Vo1M+RERhr0AuMU/tz0lGs99oRkCw2ZIg015R125u0VcRNqzgCtbBM5BFiKiP2kYrHn02Q6o5tRWxDQfrfb0mnfD5c/gM4+btlfM6DZMpr/l1kLlm8PDEpPGbkhK1XiAyJ4erHPDMLcmZXrSyxX9R1g8n7vnLnkqx5LkGmnltQI2FM7StxC6IrMlxY0nPnkq1lHhTz7yCpQJNXgfXZLVvov+f6jlD6WJhYHZCL/hIFfx3ybjGYZwJ0m84lH0OQJQw5dtsbPVqqoYZIPieqdRmHw7M7TTmFuQJXD94lZj5gsln1sMqs=
|
||||
OIDC_CLIENT_ID: AgDOxWtGCiFrIP5aWHimrR6bu0uMS1/i1v1Kzo1lIR3j3zlw/Da2oCPNx1ZuhNAp9UMIs2euc8mtrWkyv4R6pcci+IxXiGzlQNBSkMfWu4DwhwlEdnVyCVehfE00t0ytBxX6NeLfS1b8JOtH9yo3e22fdaeTwn/iwGLNwi1BJxMmzk9pVp7jzXH09Zia8UvUmXw5GyGpIOIiGcIfaXkr1ZnY2l30jTw8eS7HaouzfWHWTpNXkMLN3qim4vs/B1Sgz/y9tUyVo/qMhWLdEcVklYHT7xHx03SPD7RtK+zdYZCqvDtj+tsdpYHt05zeGV+wflNQuiocjwP8TW7vhtbjKrf9lQIxB5CErju178ELOVrpsPBAYMgdEl7qZeKdSpydIwe3VbOg3XJ7O/Ps1KSnRYwrCvgE4ZCMm3geHyJxSiKRhBcuVYz5JkNd5ylD0Eq9NL5RCqJ4szL9NaGNPbzkvcdZzAnbTYFTzyqZ+XHX/BUFisXl5bKNHtaqAsOK8woGYnxJiawKRrwDUmHXU4RB3QiPCPhHSLU7OkvU+XDhyQqLa8bKEQzj9dUf4bX3Savk4noiRsXMYJznAlgMPo0Q4taxVIoyQHELYwIIdP5YRuw27B9wKUR7e2hhu4FTOEcyhwuFql3OuAjq8HJCDX6+COkL2WYFFxWBnbSCYEdzfbMBCHjrUUonijcQluU2VbaHODNMAvB16MRKapAW
|
||||
OIDC_CLIENT_SECRET: AgAylnSUXwInlh/WvyCiFz+8asbCSZA6kk84Rt6l7bHVYw34c58lJHsZK2OvOIlHuaMe/ewnTqxVd0hI1Azl+wd/5NygMYlntKquq0vuzlhLrGc3u+0SOn9N2P6quA3slF9KR94CYsDx9ogy+EsEoA1yrsydB8S0g9W8syraR1MtpM0ZkcJ/D78OZ6qzyXUuBNAZc+iX/r96NvoMiGNYavgG7npOJh/pkKNYPuNkt4zpbAFjVyoCfgZd4V2nmZ6dhEVy8odW+jcsMn6OJ1OZVlPb1beq49lBEcaJqk83ZtKbq2evtBYHw9YAnENVq92ecenw/YL5LXUhOxeN0M9Amo99/O6pQwwrT1mtZqhTTeTIZTAxqmJKgyxGhE4DJUR/s71bc7K9hd2WvdAYnCyVC2uGa0MwXp4V7UuaN9GerldT8lcFxOpRnD7yroqVTqebjAJIkIinp5NNZ2ZP/LCiCwKKHHT19Pchn615WOPTofC6es/spIdQ8a1Nf2J5YzvRjsduFS55U6tMaC7cuV8kqKH9xTTf/sDHt+68wVEAO9koAe1zpO+zR2Pq3VuCnvcDGIwXopXjvyjfujEEhEWZl51PVJLZqtkP5Wg2wHvlgjJBbbIGTrqh4xa9pK7wLDM2hUFx1q/YKqwfP0EGVTc96G8Wermj0DtIqclqFLr54DtxVe+Rr8J4edG6YQ26/seYsrZ1Oq2PejHQt8u9EzQYAtYYlBsw2ujCWys6KrbhaVr3
|
||||
OIDC_ISSUER: AgA2JPd5axkL5YIRA95qm/iH8wgM2J0AjKjgGClWabYJ3UKIk0hi/L/zR+1Pw9Z+6amYXj7Q0FxLqCcNYG+H5ABxnqUi7Gl8gvfVbegaO3q5QiO27g18RMDssNHDSun8PPaxHBvBD68hxgsaXntu8sZavCGdwEK0TzLJi7eH/4jtHlofzfYgaCsGqeOBgvs/q87PVJ/qxazXlY9e7abbRAKl9ZMY7Wga58/IU2HhWwYMvI53yQyGMcKf3XiI9iNHgIcj1+TmlgQo+PRKyopNfzgFbey7on8woQXphY+ioqQ0hyworpxAVoWlvzKKopt1xBDr4zxzkzbWyxtjwPVOOH3iyenZz8tZa/JkNYWxkWHbh0KCs9yUIji3D3shQOFM/NtE17THsQm3NgpZ2lg9ET1v6uXqwfOLiQ+J1JQLwNFnYeruH2lK4EGt2nDCq2VycOIjW4kMpiJ4LiT8gap9HwYjTpAn+opicYn5e9fmpgiHdMPvrsG1m9edg0cbwdSpEelliHnAUfKsxMV2e1fLsga6yrhBLSXIQs8rbURRa6wqVvGoLB86a9Q5Rm94Jfm0Sa9v5LMGRYvqO5LbLrjrR8e/2r17pHQE8ynMQCAW1yVTe09FcgRwYhDUohfThtjIh16sdoC97eUel7fo/POt3atP69JsCIBZstprhVtBIBssmavpIotVqi8F2/yUkhrZR26mH3gsOxkNTEk6XzHHtJRu0cU+BmObTvYgMi3DHg==
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: kitchenowl-oauth
|
||||
namespace: kitchenowl
|
||||
type: Opaque
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
- kitchenowl-oauth.sealedsecret.yaml
|
||||
- kitchenowl-config.configmap.yaml
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
|
||||
namespace: kitchenowl
|
||||
|
||||
images:
|
||||
- name: kitchenowl
|
||||
newName: tombursch/kitchenowl
|
||||
newTag: v0.7.3
|
||||
@@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: placeholder
|
||||
@@ -1,11 +0,0 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: kitchenowl-data
|
||||
spec:
|
||||
storageClassName: "nfs-client"
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
@@ -1,10 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: kitchenowl-web
|
||||
spec:
|
||||
selector:
|
||||
app: kitchenowl
|
||||
ports:
|
||||
- port: 8080
|
||||
targetPort: 8080
|
||||
@@ -13,4 +13,4 @@ namespace: linkding
|
||||
images:
|
||||
- name: linkding
|
||||
newName: sissbruecker/linkding
|
||||
newTag: "1.41.0"
|
||||
newTag: "1.36.0"
|
||||
|
||||
@@ -12,4 +12,4 @@ resources:
|
||||
images:
|
||||
- name: jellyfin/jellyfin
|
||||
newName: jellyfin/jellyfin
|
||||
newTag: 10.10.7
|
||||
newTag: 10.10.3
|
||||
|
||||
@@ -1,11 +1,3 @@
|
||||
## Setup
|
||||
Because minecraft is quite sensitive to io performance, we want the data to be stored on a local disk. But hostpath is not well supported in talos (and is not persistent), so we use an ephemeral volume instead. In order to do this, we create an emptyDir volume and mount it to the pod.
|
||||
|
||||
We use an initContaier that copies the data to the local storage. Afterwards, copying from the local storage back to the persistent storage is handled by a preStop lifecycle event.
|
||||
|
||||
This way, we can have the best of both worlds: fast local storage and persistent storage.
|
||||
|
||||
|
||||
## Sending a command
|
||||
```
|
||||
kubectl exec -it -n minecraft deploy/minecraft-server -- /bin/bash
|
||||
|
||||
@@ -7,7 +7,7 @@ metadata:
|
||||
namespace: minecraft
|
||||
spec:
|
||||
encryptedData:
|
||||
key: AgDG6apUvB38rB9tH+/ya5Af/32IUJjHiEGZFdYYqesuqyPB/qf99EtC/7CwqD6bDQQPVycJVcxwZuF8QtYfPXzv//yMkqEUJ2G1/Q5J8I6bjNGLR636UhliUpCkH1QDOspWJUjwKDVxlFN9l0g9UajvxnqLyGzbWPeay0sJEBvAY8ltEZpLP21V+GD+HgPk3HIfSFFBMsULS6GPCjMaFxkxQb6cG3K4Ej4NHCHRGOmax+4Rk7lwMyAHlXLlrwj/ytxrnHDWrugLIJE9KKmJn6UVNTuk6olgkhleg2PixV7oOiDVyu9ZQP8wbdppzRix6dnIcFEYJ1ZDK1rNF5QErYO0gBytiJnSsdFO0jUMsdBrho2FgUc5GgIdmgXWJJz3lrGFqXaRVvbPsBZTUAsQRh2+4IfqfWmAkEjBcjs1K8WWJfS+rO9e02KoHBT4decdsd8Qfr5EFdPIzMrkUoRMI9CJnIa5u2nR08Hhd9iojbL64FZ26kXMODtEdKmlo+HwjufLX5rYJVSfOyZYzivd/kgKA87YTFaMLKej07w3ofGrPYSoCnmLfJyoQdNyJhdonBDsgM1GgRWQZDpgJ1df0SB02A5lZ4V7lHWr8KlANv9YLuMoZnVehsH1NZjNQHDInIRiTLahEBbjcJzQz4vU1UWG100ATszEYKOUVkzPnTgkqKYU99ZQ23bHP8z7iAWQeumb6V84NTi6jNITBvU4yTFLuAiI3nW34Vb1mFVLwfWqMjEYX8gBB4yMSaVshB/japfkyXU0pYg4mK9gsB4=
|
||||
key: AgBYeAiejdmxDBorvgnxQX5YvUhR3NId2vfWybMKlc27e6D/bKglLNyZMk70xSnFAPjcDmZ20mYjFPYvDOr9T6IU/REJ8QlzoKAn0xW779R4SkIxRToT+dJv+OM2avgQ9uqp7vja29xeXMjYAnQML+QGZKcrT8mE04G/Ty8rdUiv3yUXK5HFAR3SUF35aVLdlthLjpRkv1s0R7GAP4L2pNzBJNV3i37viceUSSjU0zpOa23fsQOkPAs67AIukAJBqh/hyF/hR9H1GeYZNTI3OcHcvC2iNk/XGstvv0Zy6ApzoebsfWGdsbVn+QUI0EBw+mSTPqpl71cbkz0v4S4XAVndosxWpe6AIgm5MBTU0FXIyGyoFDe1aMPq8BXiQikYVwB48oVNh9KF0xXX5AOG0whB/FEsL3OJsiNQvQ3R/Hru43JBn64oxjVtLfM3E7u8v/xr1VQahX8dylDmb4s5EV01U6O4y19Ou4td1eEMlhpJb0fBPDRUYuWxZAEDGmp+U4tAakyPed11VkcZPPn9fKAAcv8sGs3TYAbbF18hqsBnv2Wd+i7ZEvKwmdmfR/T0r1TJGsvKI7jaW0QtH256XrSxQp7a52qMKMVQWOSKw2k27t/IkRhxT2Prw4GfJvaVr4RozUaBf3LV/hfDWlDfmM2zg3X9W8HkzjotGg021OLxsa0Wzmhffvb8h4bvZwxeq3U1xaJocqXui7z0rT2pF4z3wYHR/lPtexHcOA2M8gfBGKb1rBKh+kW+N+/ZfVLNI0mokg5vrTO2nR2rb4c=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
|
||||
@@ -4,27 +4,14 @@ metadata:
|
||||
name: start-server
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: minecraft-server
|
||||
spec:
|
||||
restartPolicy: OnFailure
|
||||
initContainers:
|
||||
- name: copy-data-to-local
|
||||
image: alpine
|
||||
command: ["/bin/sh"]
|
||||
args: ["-c", "cp -r /data/* /local-data/"]
|
||||
volumeMounts:
|
||||
- name: local-data
|
||||
mountPath: /local-data
|
||||
- name: minecraft-data
|
||||
mountPath: /data
|
||||
containers:
|
||||
- name: minecraft-server
|
||||
image: minecraft
|
||||
resources:
|
||||
limits:
|
||||
memory: "11000Mi"
|
||||
memory: "10000Mi"
|
||||
cpu: "5"
|
||||
requests:
|
||||
memory: "1500Mi"
|
||||
@@ -42,13 +29,13 @@ spec:
|
||||
name: curseforge-api
|
||||
key: key
|
||||
- name: CF_PAGE_URL
|
||||
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/6807187"
|
||||
value: "https://www.curseforge.com/minecraft/modpacks/vault-hunters-1-18-2/files/5413446"
|
||||
- name: VERSION
|
||||
value: "1.18.2"
|
||||
- name: INIT_MEMORY
|
||||
value: "1G"
|
||||
- name: MAX_MEMORY
|
||||
value: "10G"
|
||||
value: "8G"
|
||||
- name: MOTD
|
||||
value: "VaultHunters baby!"
|
||||
- name: ENABLE_RCON
|
||||
@@ -56,37 +43,15 @@ spec:
|
||||
- name: CREATE_CONSOLE_IN_PIPE
|
||||
value: "true"
|
||||
- name: ONLINE_MODE
|
||||
value: "false"
|
||||
value: "true"
|
||||
- name: ENABLE_AUTOSTOP
|
||||
value: "true"
|
||||
- name: AUTOSTOP_TIMEOUT_EST
|
||||
value: "1800" # stop 30 min after last disconnect
|
||||
|
||||
volumeMounts:
|
||||
- name: local-data
|
||||
mountPath: /data
|
||||
|
||||
- name: copy-data-to-persistent
|
||||
image: rsync
|
||||
command: ["/bin/sh"]
|
||||
# args: ["-c", "sleep infinity"]
|
||||
args: ["/run-rsync.sh"]
|
||||
volumeMounts:
|
||||
- name: local-data
|
||||
mountPath: /local-data
|
||||
- name: minecraft-data
|
||||
mountPath: /persistent-data
|
||||
- name: rsync-config
|
||||
mountPath: /run-rsync.sh
|
||||
subPath: run-rsync.sh
|
||||
|
||||
mountPath: /data
|
||||
|
||||
volumes:
|
||||
- name: minecraft-data
|
||||
persistentVolumeClaim:
|
||||
claimName: minecraft-data
|
||||
- name: local-data
|
||||
emptyDir: {}
|
||||
- name: rsync-config
|
||||
configMap:
|
||||
name: rsync-config
|
||||
defaultMode: 0777
|
||||
|
||||
@@ -8,7 +8,6 @@ resources:
|
||||
- pvc.yaml
|
||||
- job.yaml
|
||||
- service.yaml
|
||||
- rsync.configmap.yaml
|
||||
- curseforge.sealedsecret.yaml
|
||||
|
||||
|
||||
@@ -16,9 +15,3 @@ images:
|
||||
- name: minecraft
|
||||
newName: itzg/minecraft-server
|
||||
newTag: java21
|
||||
- name: alpine
|
||||
newName: alpine
|
||||
newTag: "3.22"
|
||||
- name: rsync
|
||||
newName: eeacms/rsync
|
||||
newTag: "2.7"
|
||||
|
||||
@@ -1,42 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: rsync-config
|
||||
data:
|
||||
run-rsync.sh: |-
|
||||
#!/bin/sh
|
||||
set -eu
|
||||
echo "Starting rsync..."
|
||||
|
||||
no_change_count=0
|
||||
|
||||
while [ "$no_change_count" -lt 3 ]; do
|
||||
# use the i flag to get per line output of each change
|
||||
rsync_output=$(rsync -avzi --delete /local-data/ /persistent-data/)
|
||||
# echo "$rsync_output"
|
||||
|
||||
# in this format rsync outputs at least 4 lines:
|
||||
# ---
|
||||
# sending incremental file list
|
||||
#
|
||||
# sent 145,483 bytes received 717 bytes 26,581.82 bytes/sec
|
||||
# total size is 708,682,765 speedup is 4,847.35
|
||||
# ---
|
||||
# even though a non-zero number of bytes is sent, no changes were made
|
||||
|
||||
line_count=$(echo "$rsync_output" | wc -l)
|
||||
|
||||
if [ "$line_count" -eq 4 ]; then
|
||||
echo "Rsync output was: $rsync_output"
|
||||
no_change_count=$((no_change_count + 1))
|
||||
echo "No changes detected. Incrementing no_change_count to $no_change_count."
|
||||
else
|
||||
no_change_count=0
|
||||
echo "Changes detected. Resetting no_change_count to 0."
|
||||
fi
|
||||
|
||||
echo "Rsync completed. Sleeping for 10 minutes..."
|
||||
sleep 600
|
||||
done
|
||||
|
||||
echo "No changes detected for 3 consecutive runs. Exiting."
|
||||
17
apps/monitoring/grafana-admin.sealedsecret.yaml
Normal file
17
apps/monitoring/grafana-admin.sealedsecret.yaml
Normal file
@@ -0,0 +1,17 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grafana-admin-secret
|
||||
namespace: monitoring
|
||||
spec:
|
||||
encryptedData:
|
||||
password: AgAwMLnsYN1y8JQSqgGQbNG/8jKensTDsEw6ogITdkhDRlJcg8HQ5t7a6xLzNCrLHLJiQW8YOoyLT4lvFkBRMOa2EYcrDvBiRD0PjygWLIscKa7dA+jpAUf/icD9zsiDnTym2yf+VUANcmEgE6DiNvlcsrcmYqiR4pKVUTDlKPNOjOpTJ3nXETb3/sbt69E0JSGwtkvusYQSXKLU9KLbciihv+ycdkdlC9xy9myd4+vYZYXSh/eAvyZeb/hsmdSX7yaASmupMvet6Qsdt99PNzFQxtbQH+LQvYalVZ8bjWZQvCN/p0bA4H15otKBfe8rtEwVthgvyEvo6TK0Mg0pFY/b3AOGFmImnT3rDmgG6S8KTZH0Jce17ksFqvELQmHjqHuYpQsPDl44glM8kWRJ9Mf/Z424LRwZlJNVcOkuVl4qFqPUjzd2rWIyF0RaD0BE012C0ThJxKn2l17lVJbNtdUiR3qNpW01ot2m0CgKd2kXbjDmgRgAll4WgrukfCIn9ZnE0gVCFLJuK3MOQAaipFYy/bDO0izwl9T8nldgcI8OfiC3NTk2O+Es5jJRXu0oJGaC3HrTB7wXiwOoELvAsxLTPxKBiN9mCHCMtZX0PEtrio0dFRQ6Pi5xPng0KVT0I9dvGNsPdhPETNOB913WEvbgP8Gt3cj016nCzk51eUsYbXPpNL2B4kmbIhecqW/8kwKQPwYjVlBSXj3NxjzwMY6PvOl1
|
||||
user: AgBqmjCYGMqy5zBE+vhtsynOvhWdHWDJDyl1D+laBtLjXTJwzRbNTdunHYo1ekwyqQ6Cr5pi4YMiLxAl1LIHF+Lfsp2QlY+ResAGzp9WgSBtNQDX3EmLDQofeWxMUDdMtMsE9wiKLCfNGDkRDsGquXTz+YFq03m1vH9cB8Bp+1ClWOTui+/Ce0MZlWsJZX1W8WXH7XTirtwUo0s53pc4AplUUH97ZEK3KSIxWa3gLCn0sAPDDLPX+JVA2xtpMq1XuVFiFifjzEtG2h0dejiF35FtSAR+rR4YmEfimk3QpRDfOqV5QUxvjCG+dTV49upSevF2mvbHW+o+lB6vEc6l9cZXvlbnMdaep3NmOsJcJ8wQIdFpFK4iVzFOTKSEbzLPlZ/J+sjS5vDXsfthorIO2faMA1iIf+I663zNxQU5btaK4TNYOZQlrFVjAmioRLkDhGZ6tDUPX/zMv+Crt+0HCwyEyhmvFZckDvezTZrxARSXXMKBVcvjHCyUNkz7ubZRiMU0PGM7fYuHr659e+XMRvj+LFA68ZaEIzCQpCFJenWWYAXgUdRG4LQ1LP2MwvRHpkOYSoRkHIpX7jOfhX82A60h/ta/CdbWifqNyL9OecvE3FKsZu/Kr0taw9W6nm6FBhQLgFkOnFrqp9dWnxfHruXuDBgcn0iE8nR7Ht2zS7hfQPeR4a3Y0xK3Plqbzdrb9HKnWQQhf14=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grafana-admin-secret
|
||||
namespace: monitoring
|
||||
type: Opaque
|
||||
16
apps/monitoring/grafana-auth.sealedsecret.yaml
Normal file
16
apps/monitoring/grafana-auth.sealedsecret.yaml
Normal file
@@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grafana-auth
|
||||
namespace: monitoring
|
||||
spec:
|
||||
encryptedData:
|
||||
client_secret: AgCcKsnS3u2eI+fNVC9hAZ3QRFOHFErAzs5aQgX51CSdJwM03SZUoTyrDi5JPcHUVyS3MbevFH5piMhDTARMI3bLOjYlcwMbpf77JCPa7o95Y9asA/FW3lXicYt3biN9xBXJBz7Ws3fVRtEzyf6DmbGedT9gaX8aPwrUVbP19RdyJiuu76oB1A/jdUkX4K+X6kVvmoP/BWdypk/kdQJrzBNt00DIXF4NHfYey36AuhpBtqYZs4faA/tBXMXLE4RxPNtcHwNfVjnRj3v3qzNufD1fnweJvLq2UfLMrQjoR9XDVnM0zkpautylkI7yrvcoEH7ljnf6b1FMogOEZUfH1BIdqTd/WwrrlCqE58OPfJWthIfN+pQ8LvdHsGo3jc9gXvfXS2cStyhP06eTZ4D79kG+RtDQGOsD/Wpx7EcM6hbB3+dIjcs3wEAIGjpIVtY9JayW8YeRnFApMuhDST1+hscm+LdoGvaSTlAuGzv9BbVrPX/Fo9XKeYHlbG/x71Er+vF8WbW0wUa46MHLvbEy376XIdJDYi+vjl4eqznZ6YhvPbawhoKXT8ZcKUcUAjVcMue/O/jCSPZplbn3vdSCeqPTiqVqDw9PTMIeWFUepgPMxiGpFRAqdwIecFBnYItq0dXoGlFrZpo0S6AECgZjxzUR5EgdkdPlDDs2CN+d9yP7f2S+gmL7AIlQr74NW1GrTGw2x/rD4IJhunh7
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: grafana-auth
|
||||
namespace: monitoring
|
||||
type: Opaque
|
||||
@@ -35,17 +35,13 @@ datasources:
|
||||
datasources.yaml:
|
||||
apiVersion: 1
|
||||
datasources:
|
||||
- name: Prometheus
|
||||
type: prometheus
|
||||
url: http://prometheus.monitoring.svc:9090
|
||||
isDefault: true
|
||||
- name: Thanos
|
||||
type: prometheus
|
||||
url: http://thanos-querier.monitoring.svc:10902
|
||||
isDefault: false
|
||||
- name: Loki
|
||||
type: loki
|
||||
url: http://loki.monitoring.svc:3100
|
||||
url: http://thanos-querier.prometheus.svc:10902
|
||||
isDefault: true
|
||||
- name: Prometheus
|
||||
type: prometheus
|
||||
url: http://prometheus.prometheus.svc:9090
|
||||
isDefault: false
|
||||
|
||||
dashboardProviders:
|
||||
@@ -85,15 +81,13 @@ grafana.ini:
|
||||
auth.generic_oauth:
|
||||
name: Authelia
|
||||
enabled: true
|
||||
icon: signin
|
||||
allow_sign_up: true
|
||||
client_id: grafana
|
||||
client_secret: ${AUTH_GRAFANA_CLIENT_SECRET}
|
||||
scopes: openid profile email groups
|
||||
empty_scopes: false
|
||||
auth_url: https://auth.kluster.moll.re/api/oidc/authorization
|
||||
token_url: https://auth.kluster.moll.re/api/oidc/token
|
||||
api_url: https://auth.kluster.moll.re/api/oidc/userinfo
|
||||
api_url: https://auth.kluster.moll.re/api/oidc/authorization/userinfo
|
||||
tls_skip_verify_insecure: true
|
||||
auto_login: true
|
||||
use_pkce: true
|
||||
role_attribute_path: contains(groups[*], 'apps_admin') && 'Admin' || 'Editor'
|
||||
use_pkce: true
|
||||
@@ -1,7 +1,7 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: grafana
|
||||
namespace: monitoring
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
@@ -17,5 +17,5 @@ helmCharts:
|
||||
- releaseName: grafana
|
||||
name: grafana
|
||||
repo: https://grafana.github.io/helm-charts
|
||||
version: 9.2.10
|
||||
version: 8.7.0
|
||||
valuesFile: grafana.values.yaml
|
||||
@@ -13,4 +13,4 @@ resources:
|
||||
images:
|
||||
- name: binwiederhier/ntfy
|
||||
newName: binwiederhier/ntfy
|
||||
newTag: v2.13.0
|
||||
newTag: v2.11.0
|
||||
|
||||
@@ -14,14 +14,14 @@ namespace: paperless
|
||||
images:
|
||||
- name: paperless
|
||||
newName: ghcr.io/paperless-ngx/paperless-ngx
|
||||
newTag: "2.17.1"
|
||||
newTag: "2.13.5"
|
||||
|
||||
|
||||
helmCharts:
|
||||
- name: redis
|
||||
releaseName: redis
|
||||
repo: https://charts.bitnami.com/bitnami
|
||||
version: 21.2.13
|
||||
version: 20.6.0
|
||||
valuesInline:
|
||||
auth:
|
||||
enabled: false
|
||||
|
||||
@@ -13,5 +13,5 @@ resources:
|
||||
|
||||
images:
|
||||
- name: mealie
|
||||
newTag: v3.0.2
|
||||
newTag: nightly
|
||||
newName: ghcr.io/mealie-recipes/mealie
|
||||
|
||||
@@ -1,48 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: stump
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: stump
|
||||
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: stump
|
||||
|
||||
spec:
|
||||
containers:
|
||||
- name: stump
|
||||
image: stump
|
||||
|
||||
resources:
|
||||
requests:
|
||||
memory: "64Mi"
|
||||
cpu: "250m"
|
||||
limits:
|
||||
memory: "128Mi"
|
||||
cpu: "500m"
|
||||
|
||||
ports:
|
||||
- containerPort: 10801
|
||||
|
||||
envFrom:
|
||||
- configMapRef:
|
||||
name: stump-config
|
||||
|
||||
volumeMounts:
|
||||
- name: stump-data
|
||||
mountPath: /data
|
||||
- name: stump-config
|
||||
mountPath: /config
|
||||
|
||||
volumes:
|
||||
- name: stump-config
|
||||
persistentVolumeClaim:
|
||||
claimName: stump-config
|
||||
- name: stump-data
|
||||
persistentVolumeClaim:
|
||||
claimName: stump-data
|
||||
@@ -1,17 +0,0 @@
|
||||
apiVersion: traefik.io/v1alpha1
|
||||
kind: IngressRoute
|
||||
metadata:
|
||||
name: stump-ingressroute
|
||||
|
||||
spec:
|
||||
entryPoints:
|
||||
- websecure
|
||||
routes:
|
||||
- match: Host(`stump.kluster.moll.re`)
|
||||
kind: Rule
|
||||
services:
|
||||
- name: stump-web
|
||||
port: 10801
|
||||
|
||||
tls:
|
||||
certResolver: default-tls
|
||||
@@ -1,17 +0,0 @@
|
||||
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- pvc.yaml
|
||||
- stump-config.configmap.yaml
|
||||
- deployment.yaml
|
||||
- service.yaml
|
||||
- ingress.yaml
|
||||
|
||||
namespace: stump
|
||||
|
||||
images:
|
||||
- name: stump
|
||||
newName: aaronleopold/stump
|
||||
newTag: "0.0.11"
|
||||
@@ -1,4 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: placeholder
|
||||
@@ -1,23 +0,0 @@
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: stump-data
|
||||
spec:
|
||||
storageClassName: "nfs-client"
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
---
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: stump-config
|
||||
spec:
|
||||
storageClassName: "nfs-client"
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 10Gi
|
||||
@@ -1,10 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: stump-web
|
||||
spec:
|
||||
selector:
|
||||
app: stump
|
||||
ports:
|
||||
- port: 10801
|
||||
targetPort: 10801
|
||||
@@ -1,8 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: stump-config
|
||||
data:
|
||||
STUMP_ENABLE_UPLOAD: "true"
|
||||
STUMP_CONFIG_DIR: /config
|
||||
ENABLE_KOREADER_SYNC: "true"
|
||||
@@ -15,4 +15,4 @@ resources:
|
||||
images:
|
||||
- name: todos
|
||||
newName: vikunja/vikunja
|
||||
newTag: 0.24.6
|
||||
newTag: 0.24.5
|
||||
@@ -3,6 +3,4 @@ kind: ConfigMap
|
||||
metadata:
|
||||
name: argocd-cmd-params-cm
|
||||
data:
|
||||
# server.insecure: "true"
|
||||
# DID NOT FIX RELOAD LOOPS
|
||||
# application.namespaces: "*"
|
||||
server.insecure: "true"
|
||||
@@ -3,9 +3,7 @@ kind: ConfigMap
|
||||
metadata:
|
||||
name: argocd-cm
|
||||
data:
|
||||
# enable helm when using kustomize
|
||||
kustomize.buildOptions: --enable-helm
|
||||
# disable admin user - use oidc
|
||||
admin.enabled: "false"
|
||||
# show neat status badges in the UI or as embeds
|
||||
statusbadge.enabled: "true"
|
||||
# switch to annotation based resource tracking as per
|
||||
# https://argo-cd.readthedocs.io/en/stable/user-guide/resource_tracking/
|
||||
application.resourceTrackingMethod: annotation+label
|
||||
|
||||
@@ -9,9 +9,16 @@ spec:
|
||||
routes:
|
||||
- kind: Rule
|
||||
match: Host(`argocd.kluster.moll.re`)
|
||||
priority: 10
|
||||
services:
|
||||
- name: argocd-server
|
||||
port: 443
|
||||
scheme: https
|
||||
port: 80
|
||||
- kind: Rule
|
||||
match: Host(`argocd.kluster.moll.re`) && Header(`Content-Type`, `application/grpc`)
|
||||
priority: 11
|
||||
services:
|
||||
- name: argocd-server
|
||||
port: 80
|
||||
scheme: h2c
|
||||
tls:
|
||||
certResolver: default-tls
|
||||
@@ -4,13 +4,14 @@ kind: Kustomization
|
||||
namespace: argocd
|
||||
resources:
|
||||
- namespace.yaml
|
||||
- https://github.com/argoproj/argo-cd//manifests/cluster-install?timeout=120&ref=v3.0.12
|
||||
- https://raw.githubusercontent.com/argoproj/argo-cd/v2.13.1/manifests/install.yaml
|
||||
- ingress.yaml
|
||||
- argo-apps.application.yaml
|
||||
- bootstrap-repo.sealedsecret.yaml
|
||||
- argocd-oauth.sealedsecret.yaml
|
||||
- servicemonitor.yaml
|
||||
|
||||
components:
|
||||
- https://github.com/argoproj-labs/argocd-extensions/manifests
|
||||
|
||||
patches:
|
||||
- path: argocd.configmap.yaml
|
||||
|
||||
@@ -1,77 +0,0 @@
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: argocd-metrics
|
||||
labels:
|
||||
release: prometheus-operator
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-metrics
|
||||
endpoints:
|
||||
- port: metrics
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: argocd-server-metrics
|
||||
labels:
|
||||
release: prometheus-operator
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-server-metrics
|
||||
endpoints:
|
||||
- port: metrics
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: argocd-repo-server-metrics
|
||||
labels:
|
||||
release: prometheus-operator
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-repo-server
|
||||
endpoints:
|
||||
- port: metrics
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: argocd-applicationset-controller-metrics
|
||||
labels:
|
||||
release: prometheus-operator
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-applicationset-controller
|
||||
endpoints:
|
||||
- port: metrics
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: argocd-dex-server
|
||||
labels:
|
||||
release: prometheus-operator
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-dex-server
|
||||
endpoints:
|
||||
- port: metrics
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: argocd-redis-haproxy-metrics
|
||||
labels:
|
||||
release: prometheus-operator
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: argocd-redis-ha-haproxy
|
||||
endpoints:
|
||||
- port: http-exporter-port
|
||||
@@ -1,8 +0,0 @@
|
||||
### Adding clients
|
||||
|
||||
Generate a new secret + hash:
|
||||
```
|
||||
k exec -it -n authelia deployments/authelia -- authelia crypto hash generate pbkdf2
|
||||
```
|
||||
|
||||
give the client the hash, store the secret in `authelia-oidc.secret.yaml` and seal it.
|
||||
@@ -7,15 +7,13 @@ metadata:
|
||||
namespace: authelia
|
||||
spec:
|
||||
encryptedData:
|
||||
client.actualbudget: AgBkqA3lAi7ofkC47b1OlqFGQQ7TG2xJ71uT33fvXCuibkOdvpGyk5eeY2YGh4gqH9zPt739Vcee+y2w+DW/rrqoIPZqO1tx2wgNVT8H/ll8eFe3+3gBIylYXe0JQ2+AhonAjJgUuOKlTfv3tOiNavZEiDM4bVqv+5QfIRAy//YNr9p+G4/grLzc3+yfvGR9DaFrldaPDsg49m0rR2KXGL417V47WL/d1/7tDdoPEYYsmd3iB+RT3L1pQlGIGpieswcI6LETb2HuS/lelL9pC3yA8zBYq1jVW43LF/E99affv3VBdVZckHn9Ad5juKICXqxphp8Op2ynOzW0QNMdMjVahWPbNAAn27cTP5RZDodTmQGbPrK49R00IjzKKU4bDxtAwOpZKVJq3ArIh3j2ETycn/FhMIpLGEAGpMl+ZO077aznJl77nOAkjSXioOkNiPh32gKg5b3jVwry//8g4vTS6AEkNQkMrRey12p42MnT+CHDwgqAu0pDVAM0QvE8g+hhX8tENNN6IalRar/mNAa/lFcm1mXPVEv0ST+7YfQPm5vMY/BNixlpPTN3qd3KJje/Ahv7xHhNWnkez/+G++/l/mUjgVUsoD9cJ+p/87JZOKLiPEbxINFNcoJfO4XJrua6BwtwiGhsdVv61myC408AiBJ7akir2IMe/b/O54xZ+H0SHKlXc1lqRyQS83awcZj9tBAQut2B4IY9yNaudQyce82qMuH/X8pEWrNxfcxgnBCbAMJ24ZU1yWNFO3wqRaWO1MxOny8iefUosZI1wjYuDyzTcMqnq4rEoKEF/Q6NV/N+Rr2NNOiXR1/NjAfsk0CKIdSrERMazzM58omAxULlCgZGTw6i29Xulj4ToLXNhKAJqw==
|
||||
client.argocd: AgAMeMuApKfbUmJ7qxTVuiFCoQvQnVY9e914jZJzZVoD7NNghd+GoI/kl9JuaTGd8FXC9Snp+Pdduvw88PNlR+ZLDQChh9z04BbYm0jOhu+6mxMl9klVc5kbEUILC8nA2Oad0KshnFuRt8PucbM3Adk5P8WwsH0+R0QCQqze36d5pZrNT3XsVHFzkEO69TVNmNDtde04UnlGKlXhtsZHVF0QXU+O0knNPK8Gav4NEAP0GiPSA4Hx49rpu3PzyISi0vUnW4jZQYP2hnD8arR4pAjehuHzkjt8A4sP635KaQ3kEE/6VL6eBLxzFeht31p7/owMAqvjA3Z2TwHc0Eo8zqzQdYIejDvBcm3p/iIECBJUffRRKT6ijlJnzmL8dFVRDkWGN3D2eg7xELQyoQfQLo8m8v3o5rRLDMxGin/dP/7DqL4GLRRIJMIcg3VMNqdSbi7ESlZ0zWZaFQ/3GQKy6y7ooqQS/nn+2stVo6RRuwAlPkpyTa29wOu4fjIsuQ4O9CQrBXowk+4xO1FqWVMUcPGfrLx32IcIC9iZ+QAb1goh1eADnl9D5eKJjWouStvA/i+YlRayHrIBn6XwRgcLaz3ydlZUtwt/HhheeB/N0jRRFD7Tf7SWMdOtyEnngglOmOoiytU0F8B+jNW2OPfPU3CP2AkKvLQ0El9kbLQHYpnpNfbjq6Fjj7b6l8LPo58WBua8uQBwghKL0d6NnjdRymLylJdMUJvGF/9F8rW+1VRndyVyuNRPUXFJv9wqklLQYu7+dtAphsnhO17LdGomjCkP51VtFloWNH49aBWj0p6scsMVahzU2lhzwWOSLh7iK3lm5Pyhkwl2GPR3ayQG8adSE6BaswtmdEpKYEbvi5kWy4In/Q==
|
||||
client.gitea: AgAhsbmgb1LaYsCtd85vEu6dkwdzlIt9rfliyrjFxAmLwstrlhY1IXXrtd1f25sjWmxpiRnUmPgSaaeBpd2YEOFI2tDh3rwUW84q77ynmcIOGKEHpfQicVurvOuj2YNFE91hBf4A18QYRSLDZyCg4yJ/Ult5vS88mNSfaSrDkknjnNfV4+PZzM1JAfILQtWEMmG89vyIr75Ix+i6IkHdKu5YZK/2aOS+vX5LYiOGp7qVXkkKDCvbk8KNe/2gqvaSDCSoRCdtzEP9SdqOY+Zvw1A6dMTP8EZQmXW3qsNn6m9J+bFw8C0SJ+ptG3teuzKKvfkuyUVRSoO2aXREmwzkENG7jQBy4y3BBDU+U4iF73e1LCFczXsXy590rHZ66Jx6OseKFoGn1Jw/ir12soNCU2dnkUfgdiqN8yvkRJ3O/h2BYC5r7IJqIxNiqY2R1EhTgiG4/DhAvTcy+iZlgk/YMqSGVFLJtOQiy41+Vej79f7kw3A2u8HGksTkL5zkGxYIY8EyM+/VR4wHtUsjJTiP8+VHFWw/v5sxnTWAAAIdRn10371F8FNqdD1dCs5U8Xop0/WwFYaix0/dLkI+tJxQvopObAY1G4RKmTy0GTgE4sBGgqjI+KKdVdh6gO26WxtF07MlL57IjfQMlMFYXyapnDRplZkTfDBioF7+8eOd1hajgKUFv3OqkEJnk4ifZzfjXlAAdXRzic6ppfb4w+0YkSluZUTdTFr/SWt9eUnLYz/dkZ8ZV5mV4KZHlvPvfCwBWR3F2JfT0WUKlvC8l8AJKwyBokZJZODKDxaaGvoMvKgj/e11YncDpY/vLP/QbE2onVQKaA25ukUZNFL3WTZR1igi2huRns+/066HdUOLzncGceyDKg==
|
||||
client.grafana: AgB2SV+f10heiF3WsurC2+cFZP4d+IvjVE++cDzVRacTcatR2eI7dn23bDYZv8ThLtByI76VWgIIgC3443WeyA1cXFfwUU/yL0sVTUmWqkMLjNosCbW0m6MzIN4nfTwG2QgkeNG9bTpO4KXhteTnNOZ8YYBIfKLeBiePUF22B/SrDu3l9AgBi0myjC2uoYVnXY723x6URbrapS6E5tbQTO9NfEIL1fsNIKOEskepLNfVSo0Np6jhkn4FA8FKkKNbbHr+im2zZkuo4xgfdUY4NEHpe/SYpsng8v2dhhy2/S7FOFZfJLyunCfrz1Y5UFvhNiosLgfcbPaF/+2Z9heYLEnW07suklQAwyhmFhHwukkeO3zdbJNDJMd1KnNfCSU//OQjsAuwwmXmh9Dqz89A/cimtpk4AjbRw9Zj1whrJJCx3WcisLrEJr9KrxNSY8LAzFTTq5k1bipOCpXnov0ZOrOpzgBsrmOToVuqfExD1cPAlm6L11a2H+SGs0271LIzcekhCnCE11mOK88/z6nLSmyYZH4f8TVt9RU8YmNZzfEJr9JCLISsznIILdtroPbCj3ovp2Q4brT5FdsvhAHSiHL8XHvDwbPJF71p0P6u/P/2oAGmbHdr6nltYi7zKiHLe2ATxEm0dozh/0usayTOvl4jyJKsn3HQQrBrGt/fNPRRm3L/vtvBSfhlP6slwRl9NUcrW1Q4QhBPsQWAEf1xBUYGMephez/4wpOUgxpmLnMZlWa2IKKWUP9R6BuP095ts/YKVT6otScXHs7h6sarQEgMELPyISDTmqBFQvX4Hm/M3uLSuyKsC7g+MBbgIYZX+/2IeR5jLN7zIdv9FVFOmwi5ChFD1Gk+QrQz0qLIScwPN61xHQ==
|
||||
client.kitchenowl: AgDDhHuXHy1bEVjoJkEJsqKGUmoVDT1cMYxB02J+pxQ3BrN2YfZDK4CDMCdG9srzSBD7tG9BsZ9Oja/8imV3cjsXGc90hW/L3doSqe583N9TcDayMNX/lYPgZUfA/7rva02fHyO5dKRSUtRHaR2MjqZdmxhG9EgQX0tIrgwoFIjnU3Jj5co0cWwnd68G8CMZn72DRX3rRRmYv2I9KW/FUva2tIViPVtnJ6DcpFt3eMUhBmW/XOJWsea1QtJ1Ab9d1P+Zi47O9X5eNkkQrlIYMAt52VlbfhLDnI/67WA88yI7OTlsvucFYlvakAbZSk4CFfO7X/cg3v8Yxb9cD8S4vMB+sx7r5g6JfL+psaifAmJDQl4CLmzohaxegiHGWj5k+rWJgO6z4wl7jmiEKQkRcqlE724U9/3tF288AItlZcDUX9UifexeP8bJFua7vm9/wZqLg6eF02BNo+oWzFLjNSWBaEkSAjYCqUkqayfIgbYdutB83tB1gR/LKmF1fEIje0q0dap/b0Jrtq6LRSyPDMXiNeZSiRB+/GpoqkHz05I0H6887dEMwOZMhu9v4YLRyhH7FjtjwOSOiw3CaNCTW97IC0Z6EnFoiOJ9gl7TXg9CbpiaRN3Ds3RonL9scspOnMnZ6zez3khQwZCoeDeXOsE5YBYCRJkTkbZzMFoFBpOEhb83IfsLYlTQBF/LHD6FbwwaNHZscZSueMqK/6iq4R9SLeSgaz+/KKTpQ+KZVmGUttv0feNxC37/1jqbQZ7xH8Ykt6/Hvba7JvDRHrxNzgsMYWcZXL9oLDfheHXPpuFYE5KfZzMNDqvdje4+C0aFlEI/Zj+ESCNRobqAFg3UFuUrgtMjbzfpgoMhnPYL9/Xqz2Xh4Q==
|
||||
client.linkding: AgC3GAgek9/3PvUSx3IEoqrf/kp7o8tMIZvf4cjv/mDOYKkwW5qvLbAHSdOfa+ZgpNNtZLC0jP9qYLJ1ULwZwTqQbq0PdNURag055u7w/dhIc5x/dGlu5p3mNGHWBFdwgZ8z4d1SEl05j1RfaM3OgtNwVBK9uqDLAwB6k3dry8MVLxq42+LeuhqaW3gqrecLDJsMlQtOlcuaz0IsVFPZvpFCVjGpLrw5wp5sEeInw9P6BJov5zNEi3YotoiOGuWmbrcGAcuw+wkql+lAVppQ0qx21XQqzwROu4TT2UmSIGkPC4tTykDR9tVUiikEIdnh9JuFXtDcMBmNMJUHoPVyiB7rMyCGRlkA5DkNp6zAccdJl1/E52TolbpXZC9qygZRCqavkDedEdJaGZVzV01Tv/UZrX8BBl0wljfZ/stweJG4QEuAp7oH4zyty22P21V7nd0EI4NUnVOFkZm0OY5DHF2EJx3fOpUzy4jr/Eys3Qr3mOeqlVAxGFI/kKdmWgZWkiGkQhGboJYshfdxgwZWwZ3csinfVMQqQKUt84OimGTbWhKd01LeeD6tPsB9KYdZt9S70JSY3bh1vRcvuR+hrq4ZBU1GfhGHMJOfs6kqijVHdScGqSFcTvOi3cVq1U3leppDCo8Iq3skJlGXQnrAqlzAf7RiV3vUob/fCe+IWPXppqZHk6ktuAjVp3e9kDigq0MJNsufXELTgTHVpLXxfh5yH9vxVOxPBg5iunRNM+mMm7BGzaJ2WNno+TA3I6v8HUK7LJ36I4ncKY/pYSBPIZ/AgKYHZwnS9fzMuDBV0jMnFkrw0O+2Wsh/Vfaptx4TCaQCYzoY28RbXepnieUrOOQjTevaJVp9/exHnqHRU14easU8Ng==
|
||||
client.paperless: AgAnr9ea5mnC5CyAUoyfdzThsMq+djYbaknoGS50haZOP9KkE3tj8+IU1fIBF+RM5IssgrDTTJlt1O0dbSEQeFZYeVmx70v3sfV89suc9mHAmTaMSMpLfA0T6Q5dzZVjkxuRj6Qc2d8qCdX04rXBBWQDmdAo+29kvdoSiBtYeFg5z3MwhjxqKCPm+Ep6u+6xdYbcxIZgSz+/C2o/Op5vstWUEqBT4RATHouqAOK4He8fgnbeMjM9MzXmR2Jb4X+rovpwsOlH4eyoYBexeSry7eYkOhe3o9S43Hr2QxyRK6lwAF12gU4r86fCq+wKk07TlY4/yf0L90R1xPRTCO5JtAO/jTDxhU7SpzYgdG2DSAXlCT/LIBOfLuUXi7XY+EfRveKpdmPYIVNWF6OM0MjtfQLn9Kgt2onFxwOvb0v0i8P6Ivs4hoy9CnZMsIG3avbNB/8WZ7gaf4WdrtLK0HNfNjSDmfTKsuggkdA8ZuJa+QQfjfPj0ozLz60PAdz8aXV/W84NC0isaJc+KYXcx+FkmNJNyv/Usvo8RvDb6XfzfDjf5LiZ+Ylk6E3gvBGrWstVDi3WJ5dUwIAcfrmFz70Uffkme/w+zxwsaZH4tqayhPxjGALzf6Y9XAa+EkuyfJKfLU5JuHm7jHSsO0fWyflsF7LrjytyFm9CUlVAdbIZmjsoYPlHy/M6QHVGAwtKTUB/QOTT/PphCc2ZOetGZ8kQx13lHBBfMGCO6ihyflUEzGRrTVo3Rd3FqvFRnS/2Vf9S6u03/9qRPS7hK62VtuNxKcGZLka6odoxOKxHk34+mMC1qO0uGLVbM5wYPxBw0Av5L+F13Q4SBa04RJd8OWkspd/T6Yv1PTRGDEUmLZXT0Jv/e2YKPw==
|
||||
client.recipes: AgBuQOpnlwK9qgNWTmpO2c9V8IehsbpHUN6UrwWjZrixE2If4/9z5KhdOsV509HMKFzphZLvso0R19HVtU4eKjhtXE62guzRS6aClQzxtgYDUSSdC3nTuBkTn6TL/dZeJjU6G6t9jPZG1nAACSPLlrbSgfcMvtEat4rEssDO6gNw+lS87cJTDzbqxVWsmQ2xDcCqWtuHH6E4nfJa6BvIrJ/1pd0sEij2iWJgciIwg7y/g9yziFtJudfag0EBRpPSxNtdorYxRSYTxKF5VkHuZKenfiRgU1wxz0KcvSjqE/ZPpB4UpSiNQlQnvpI3GUz2XIbaRGdQl0Ak1NEhKs89BXzcE+7tC3A/qY0tJkJRg6ePImKn6NxxJ9MQHpsRk2mW6r317BGLkabsIhqpn5Sw4Xm5MBmvmWVReDyy8rAiCpSXO5tVUrBHT0TX3pxq+TuX5j70G7kJxVyUBsVK6FsjTIOtGsrNEGbv3FhMG8bxRmBt/4XH8OIc0H98acWhor/kEQIHlmnW6tQNuvKT9ukv9H+e9RnPW7D/r+kqf/ZghbssF/Xjo2mbkdpz5aFNuFQwM0SUbVplIwXJqgaYZOznatwH3m37NYe3bcKPIr4b35NnQM9RI4UeLCs3WYRfm8260n7bvKlv98MRTr0P37O4gZ3uf/Dff9UryVaO42VvMF4n68eixOYmSeZ0CrafXYaAmd4eTnKQkBR/KxLb+Gp3PMZm0pZJ8hS5+Rew24EMtxBkT0KvaKBlTePOQtU8WloaWuyCYtgJTCogBn0QZ5nvxFTtICDDSJQ0p2yKbw5Lf3QZhjYqbF/e1uir20+a2Ic0FVU/gjfzW4FI3+wawqKDBpxsa2bAkg/4Au9INGTYV0YMLX0gWg==
|
||||
client.todos: AgCbiUqRaoP7jTPPmJvqrzPgOJKY2ffG6MPH64xiZXF7gw3Is0PHFYU2XNxBf0dm9zjnKNIF+pe8tE9/IVyO2cwJdxFrp/fJng/sTXBW+gGKc4I1CEexQYFQyEUFNGKs7jn+3diWs+tXmUyN5SmU8hwuriYg6UxqQmjZCBBEHpCkXAGF3nXGUemmS7EOud/PhnWT8wUhaUTyPt1qDTPpfRx9I2GUpQ+KJUPK5h75m0BGYsCdG9suzC5PjpFoySaUPdh+PbzxPhpV92QEZW43MmUkA/bEMcYQnyUO96SpgsM+JSLOXhvQN5rStmXqxxuW2b6WRiDHdd2RHuMwn3pExwEK8FPoMt58Wo8do6SAasz6icskhdzAE44FhNpMUxUhJRqU0M/ZKIygfq5/oYDYTfimlwD2w9jEhQ7PZSjOAdfhC/u4ISJzsqGpkbwRORfnPuYDR8FJ/W7euF9V904fH/YGrRgd1IQm6pILxAJ8ebeYqmF2DXuxcJKS9ba0t8kl/W2j987/36DZ+jvfolrldgeMOvQBr3WCoeDBhTL1ujiTkPaWVI6w2PcHK57+C97FiAxkDHQnpTs7Nk7/B/aI9/XN333zHWVD+DIYflbfF16wbt4tJ/o3DH5t0NNvg/e9n3YLinvup6LVpeDZXY8E6imKAdDMHJ1EiLFhb1Qe605XPqWKwlGK4EKLmHcsP1/F2C6h3IZruoYpatqa6rwzgbKTtjlCgHSpPd0ndieAEi2RtGTtAqc9kSNzxUK0aMn2rubCZ2YMPsN7rbNGY1v+ow9zLiiVOLkHHXsf35BFP9v+kjA3SsT8xX1Qgx51pAiWdxgmuj/z5Y/nhGAZEc8T7gkhECbrXB4c+MiNRNXh6jR6qPK4Hw==
|
||||
client.argocd: AgAO/s+1K/QyLFsj44qAsgj+qS0qE7Q1De6cjc8UpsXDTQ7Y1SrP+NP8K7mZwGgQ1ItJN7bsIo79CFi4wLVEUOmAhu9dFwot665F0iwA8aUrcohk9xfqxqcv0A80i6mbchd60/GTaOTiQ6IFbeKBsxdv37NhvExHia9zdPFBVZoor5gmfZi1l8Aujge0dHqN0Qtg6R73b+abiJZS/h24HmETPJnRARK9aX1HSO8syBv2cxOuX3oYpVT8qvw+J2pgF7pD7YF8ZXG5v8VkXLn9vZ/EznTRNPguGC7YZgEXB9dvSJMcQ7KXNqtreKtSJk9V6EuhHHteHAlrCMdJ/UILUx+S1MLdSlnmoXHLU4oXITI688ZiGxtp0MyhknKPk/rRHV8To/lbEswy16j39ES4+vV7UgBVIvl4Ds51C39VC5G3gKL4xuEWbSuXv3oNbIPQzNZXGPkn77f4A7NQy2Wnp9G8RKtJSQqoWaOCNoytngyIkEy/Z6tbNFmafRvEKSSNLMVeH8nChpbqCwVBTrk1jASYFPW8sIlVh9zia2uihiHzIxdKOQXsvWMSGLdFSSiG0vlC+yeBb5PhWBA+0nAsKGO88a916E9B011w9qK/92GOcYaU/Kgyo6CnseVyJgSjv6d2IHxKTHnQtWpEQEHO2VEVfuqiISDz8rSCFbM5U91Qly947bRMCXXY8GuFnmlNJpqq7QPp6HRZBt4ZfRmkI/E5y7Nb/L/SfXDJsjSd0z4U0vJi1tYxIs0XnprhxjkuS88ZuqdEZaHxG8PMrACSltKzZhwBnjImb2LuOF3mUitngF2YQ5L4q5S7AcOU4fVHwoK+wONNCEjI63RiGo7DTm1AwM9lA5gM0pQSU9T1JqWtYcPZVg==
|
||||
client.gitea: AgAbX2GgysUuAg3TLLK7Puhtl+L8x4cQOGo+3TP60DPms42Tw6oihHQpSTzIEetdaqJ/QWrdB2FQfzhKQVM0hQji2uVH34SyzvP5TepJJSURUZAHGRiwhb/E7S8ag/ybBWQ9OIQzMZBiOOyDULrhmjbtr/CbozwmvdTIKiXIBLxQbXA9PjcM76UyYZAr69wP9a6xOzwOZgQ2/aJbWEFnItreUaqY76FHzKwkcPkzwPPryD7jvpVoLC2ZsbFLCptKbaCpRuHNQgHblWB2dj5wkFRGmNyHH7mglq9A2FbB9uiAD+2K2tgYgSc4yGaeGIvu/Qbnioc4F9nTT4ZceEtMu+sn1gVWy3kKkUDOvCcGUALo759/FuyTQ8JKKJ/zLYHhCJ8IAYXFhALe+aQMZbcycbD9KU8Iepq1DCTsyjpbM9K5w0D5ZnBf3V9IemjtMNaCllDq1Io5mPQaxlyjsWIDgvXIP2KEGekSlnh5O2yNCQl0gLAKM245B0lxyRgr22lTH9AJacbIVevwdBq0B+iSm/JGJvWjwLzfL5D41HY0Z6ZLOLUFKnTHQGiRp2+g9ysg+38aOQ1PUAXlloXM6UVnEHdahyvuPmAfo34f8vSaSrT1b3Xp0MzxUwxzl0bXO9wQ/As41qpI/DKC45CFDl1yQ3/+LOggAF///peSyzUNYUvbqB2u5KWNrLulXO11IKffHYeiwfeINxB0B3Rzxpl2ZBm4k8cauArTneYYcic+DbweY3WjcFQPCtfQiiS56S1wQeF9xgZfL2WNQA3qnnsB4mYyCLxH/oJ2JiiKrISPUmEcERnU8rdUelZ+idiT4s4PDpOo34QK756nzTtyWGjU0pIm6PIpz35i4djMkUoNpLq7bcVcKw==
|
||||
client.grafana: AgAtsKa6TPkGYqT3BcmbKnOnKG4xNd4N7tv7Vt81rh10KupR5z9c12y78uyKQZMyWb7PDDi58nIeWzTmtVmoSl06D8NCOfYrlbZQEl+NJsePX/kiwmlOnOrLBQ89uHHdlU7MCBPVDZNPY88xzkZg0pPnWYlKuvtNpV0Uq03gUosM5kV6zF10LRM4Twhpw9su5mDkwzyrALB0eALkmcktDpbayr0b0ZnK1X1HYuG9/GRTfa4uE5Jqbl+h3wV8cqUHt5drCVu3yGEP8palqTWh3LZoVFddDZ6EjX98FNGorpgvXzQrSwR3DHEovhER77MFgJu5vvVecgygPMHpQETb7VPpCoiY8WwjcJMElcFbVFgeih3mMxe0vgkf4AmyNmHvV52QT01+a2UJfwb2l7J+BJQS2qRLWX22eUJ3jWthFZp1bHxrgrizaqLmuR0WCabiWClS6+w5ecuuEnjZKhnNgGViUTZEo9r4Y+Hq34DbpSbQCPD+KFwjSy38cu585wHnMJHbmP4tVH0+zAA4sNzlcO+Dt2bqNZ5bIl+pq1y8qP6sABiRIxvHOhnXSHFhRQzUqrO7D/0WEHzsHNR/FyuJJ8gsE/ZS3gmMq1qaYAdLWanNPtJtcZxk03ZTGRmx+TRnoeTdGniyROACL2e78MX6gszjCpjIQWJOh/gDmMtO/r/0wu+OFUlKm6ynpm9hwjTfVXIAxVGQZP0GNzhxWekkB31og/XUHDDSARhfqozor5Og9vznx6t0wtOOzMXt0M6P7w7+kIEfLHSroKgY0D8QlXNmBQf1Aub7j6NjyF8xdQtxMhGmwbQ6AC4H8jUdzRy+zPCck70dA3hSwS9aaxDy+xD4zWAmZAzjAQS2lRbbdxpxh8L97A==
|
||||
client.linkding: AgCUlf4WAphijd9Oy2x+WRZv28o5alDpfF9hiro8y/99jZb79HbODkS+Z48mFRypMmu6nsAp4NJmaM5Tc0kOXCfoqAkcw6AQ+noalSCzGpH+laPYRnvD4ccVbJlePIeQlnQZTipSTcNgoCvocIfi/5sgKFv22VKEyYuOEmZ3VfQ96CIbyitbyApw0JHi5x1kanw2QFE3dmumnNG075zQ/aJYucM4lrpDY8P2YhAbLNaJx5dB7SCeGoVvviDtuZFHskLFIIzV0fjBIhX6b6vfRgT4IQpaBTpEZcQ+tLLrEcL4jAPWzooDmpgCU0l1wg0Xf3FmV8aBpzs9oicvQauLVgKF8ouBMoECjB82sLAuI1pBUbOKOjxCnFTnL6kGbOZm77maddJ837Bd5BOO2spAhUYfQCuPg98ZyiNFSCKzf1XX7mDY1xeV3S6KizpULc1fimKoQL4EImKYWLI7GVnKUGvS2V8WVTQu/ZuPCTfpg+OSO0YOc3eZPqQ5immSK0Azt/PvHcoxiNYHajI7Jy3OvF6Fhv7HN/prHZJZMARRnMTgpPjvp5ZE+xA+F2FURllLtmNF3c3i8s4pM6xi0GSBsYWc03WNIk7aY1oENg4aEufOHnknuX8GiGQqdnKPPUuhiTK4k5iyqk7Lo9ntdu+WJQllUoNe6s9kSRua78wyYb684nKNfAFbyYXUW6oiWD6eYCSgyCj8xAGdBv41/Lz1jpUgSetvoHcDPjh/mDjGWRAgg1hqaIr++DRuFW7mEaXthoGsu3pM6JxVzge/mEfs/DM/vn5GEIFvSGuC3Nn9IGcyqeVWcTtlRh5AfTe1tNlohkYkNr96Fe+j/7MJLWgc59th8FEH2F5ygbPg9ay6c1rGjSYD2Q==
|
||||
client.paperless: AgBJXjDVqEubR+5He9KVfmfHV4cH5DLtiLmBil5srrUTTlJpjBtD0OBA0Rj4qpZjrOHal/p0nfGQkgtvOmj5NWbplktEjmX4z7uRT8zjatK6zTjDHW2x2x9T7V0LCBQwkPtboBuxQ6tSc9yQQr15Ru6rT0BgvgDd5rOubnQQjK9AjxUe0VKeW0nGnZI0Zh9zIOiW+Yt6AFzheYgAfF4dsbBe1hTq7N4L2JK147YLI50GqFCL+vGYpz7MxcU3AzDi4eEP1ZmLga79eGvMelUSR4d1l3k6fjFQ8mCPPQ+PkMoWuu8FZ8pT0F+qdb2jB7GCqPedBmuzJNT127mqWMJN929n5j/towZjI9IDd+q3YXlfMEWSY74r8x/GUGSq8mB0/kS+iLyC+p6Rmu/aaW7GNkwZNtcuQkI346JBOnUSa0bT/ElXDNnRxxHGPCNQshrv3wTVoKgN7wxkVVXbX/MdXPE9NqWNRQK42TdROXpjWa/FVklraQ30XPy/SHBENbhXvmqlzrbMWmK9/auBKDB1tmLASUcO4iObOSFPUdQrj+pJ4oQFN1nlyX06i/X8ECENov2jwfpf5tW0sWoYVSPWuZOIOk2wEF3HXnzCtv/f41vMixtqhpWPRvasJ4UejsuatHaYNRj7uD2FjbpYItvT4QA0xepIR97jVWqc6bsN23AFUJIHJ+twOYpNIQJqJ+mx/g6Yzt7YOTM7X2VJO6dKwBhuXx3cRigU4nadZoTELT+Wh8i6n1lA/kD0+A3OuMjwuTrvutDTOHH5RjDwRWRw3m6LohWfdQIVvEkAM0RwwvcC9Yu9W0PH5ZpUGw3zpiqzgydtxTXEwi1IGS2rUKkdhkoShKJ/ODMZjjRxRX0H4zkelPUDGg==
|
||||
client.recipes: AgCK/GYJr88kUCQ00YtksasTKChbCvSxxaIAa+08Xzgn2eRLmw0quTgqHS5yQrdj6SHNsI+tZifmUkfHXjDSP7SShhg4fe6T+r/AzZmYb6xFwvZGHF5nSmX5Xy94Lla/x0rOOTuk42kV6g6KJYD91VTLOYGMD0IjdZkI2NMFwXN0UIqOZD6SGhKav4WwZRk0GxjFwwW32NZH3+O1aqTCdBYsMzNFAJyur/Wj7ZpeFXZ0fdBHF+gk/RYOhIzGuoUJN9qeh1m/miT032jcapF2/bYGakufAl6gGtA13ssYcXqRZxqrOTHzvIo+/TULlXL5KJxA8cyTj696YsIc2svugvyrvJmHghZ3y1uVU7V7OjxRLTni8pO4boq11TTkiWdkDdSWmXm9lyXrTrHYstHs/KfdOxgshOXNktME0HOFsXdCJCD/dBRd8+Csqb+Xo4hy+m5ROIP1QP0lJeMId+yWL15xEb0CiEBw6LVLhtO3aZ1mYxJBwcjvBTllLhU1y3z8Ah0fOvcOdBx8ncRIn+tmVCgjJXwm5eBIku/74ubvR1avAB/C0qX1zQnWRWvmaE6/k58RlUrQHFWFI9OvJUSNushlUus6roEux7suZ6uhXJFfB8hM8okbIMuNJA99HdA9BHRr0ieoZALbQ5HZf/zFbKhGYYX3HcyExUgv6lxvwxlYJJfXtMPic3p4iPq3f3aLMyco8pDECKvoVlyAgU6RoCp2RDZeJ/bwaL2farGTy3HXHpw0jy6/6dZuQCD457v6a3f+eLBDbubaGXJsGF1msRyChdcc0JU2niKwKd454WJoWBLn3LVIsthtCLT5ZBY3yfttdjLUmocyPcYFy03LA1ogOztKjvXf0FjcofdcpIrfWenV3w==
|
||||
client.todos: AgBSbi/vsGzl/L2/BAWefZZNySo9TEHHUlf/ilCgcQcPm53wmd5gFJUyVhjOheN1AUdiLw5UpeITig/A8UID4B/4UOfDeSfwLYUvPgTP/5OxtxjoonWkrR2YGjPmtdBd9WZJVZcjb1YABuXew3SoVfuObw4F8uAn3iojxrScaO7J+vUZSNUE2fbd8kJ0064v/Huoan0PheFbRFqSVcDKVg62byh5LIGVtmcwdcWz1v3aYIRRB04TyyHAlmihv8/N3ppTrz5HR98Q8WHOrORIF4liS1c80swAUeFNFuDHjxbN9yphF3Z7taoBSwSdqNgEWjAr5tnFVRO7A3VmbuMsM5y9ryitbPqPijB1GIqqwLz1Ucn+KF7eK8kdhyZWidrBVWCQ8E2EEQELcJnotZd49M7y505LDsZgl8drqPoXoUW2HdPXcZzNqaGrc1DNhEK1aUHtuE4jBwPNVjEV8D2cQ1mm/rzF1YPyUPQ+TvqXgLvPQx0tZU7vSVBEQDAK+bj3hkgivPPM67iiSt3rrX8Egp53Hg11jzIE1al/Zlfja14broOL9yCc0dUVMpOXrT71t7RjYiPNg8CsK4GM2nopGN4IzMhP/sFzSSlwq5YoDxV/mysAGLRBzL615Gv3QRNAubQocnPj4iOCMvpIZdDuBTmCrUzPEzppwbb+JHnNoFOYQBdJEImLicnsGAiAW4Jzns0kElCpCl7wp9b+GCoqmGpzkg6Vk/LU8UGVDCnhuXmtNA7EbT04jb9SxRXIUl4/fmpzQWAC5HGfoSoO1M4LKp46sS7es2Ts+ggXrGJhAYiDnX/EJxkl4OWzhJ4SFiLVbeqcIIIYslQkz4KP+haPvbjY419zEDDp1P/lBPtJp6Dj81B7xw==
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
|
||||
@@ -12,7 +12,7 @@ pod:
|
||||
## Authelia Config Map Generator
|
||||
##
|
||||
configMap:
|
||||
key: 'configuration.yaml'
|
||||
key: 'configuration.yml'
|
||||
# include sub-maps wich OVERRIDE the values generated by the helm chart
|
||||
extraConfigs:
|
||||
- /secrets/authelia-smtp/smtp.yml
|
||||
@@ -75,7 +75,11 @@ configMap:
|
||||
|
||||
local:
|
||||
enabled: true
|
||||
path: /config/db.sqlite3
|
||||
file: /config/db.sqlite3
|
||||
|
||||
|
||||
# notifier:
|
||||
# notifier is configured via the smtp secret and merged by authelia upon startup
|
||||
|
||||
|
||||
identity_validation:
|
||||
@@ -105,7 +109,7 @@ configMap:
|
||||
|
||||
cors:
|
||||
allowed_origins_from_client_redirect_uris: true
|
||||
|
||||
|
||||
clients:
|
||||
- client_id: 'grafana'
|
||||
client_name: 'Grafana'
|
||||
@@ -122,12 +126,8 @@ configMap:
|
||||
- 'profile'
|
||||
- 'groups'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
consent_mode: 'implicit'
|
||||
- client_id: 'recipes'
|
||||
client_name: 'Recipes'
|
||||
@@ -227,46 +227,6 @@ configMap:
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
consent_mode: 'implicit'
|
||||
- client_id: 'kitchenowl'
|
||||
client_name: 'KitchenOwl'
|
||||
client_secret:
|
||||
path: '/secrets/authelia-oidc/client.kitchenowl'
|
||||
public: false
|
||||
token_endpoint_auth_method: 'client_secret_post'
|
||||
authorization_policy: 'one_factor'
|
||||
redirect_uris:
|
||||
- 'https://kitchen.kluster.moll.re/signin/redirect'
|
||||
- kitchenowl:/signin/redirect
|
||||
# mobile app as well
|
||||
scopes:
|
||||
- openid
|
||||
- email
|
||||
- profile
|
||||
- client_id: 'actualbudget'
|
||||
client_name: 'Actual Budget'
|
||||
client_secret:
|
||||
path: '/secrets/authelia-oidc/client.actualbudget'
|
||||
public: false
|
||||
authorization_policy: 'one_factor'
|
||||
require_pkce: false
|
||||
pkce_challenge_method: ''
|
||||
redirect_uris:
|
||||
- 'https://actualbudget.kluster.moll.re/openid/callback'
|
||||
scopes:
|
||||
- 'openid'
|
||||
- 'profile'
|
||||
- 'groups'
|
||||
- 'email'
|
||||
response_types:
|
||||
- 'code'
|
||||
grant_types:
|
||||
- 'authorization_code'
|
||||
access_token_signed_response_alg: 'none'
|
||||
userinfo_signed_response_alg: 'none'
|
||||
token_endpoint_auth_method: 'client_secret_basic'
|
||||
|
||||
# notifier
|
||||
# is set through a secret
|
||||
|
||||
|
||||
persistence:
|
||||
|
||||
@@ -27,6 +27,6 @@ images:
|
||||
helmCharts:
|
||||
- name: authelia
|
||||
releaseName: authelia
|
||||
version: 0.10.41
|
||||
version: 0.9.14
|
||||
repo: https://charts.authelia.com
|
||||
valuesFile: authelia.values.yaml
|
||||
|
||||
@@ -11,8 +11,8 @@ resources:
|
||||
images:
|
||||
- name: octodns
|
||||
newName: octodns/octodns # has all plugins
|
||||
newTag: "2025.07"
|
||||
newTag: "2024.09"
|
||||
|
||||
- name: git
|
||||
newName: alpine/git
|
||||
newTag: "v2.49.1"
|
||||
newTag: "v2.47.1"
|
||||
@@ -59,8 +59,7 @@ ingress:
|
||||
resources:
|
||||
limits:
|
||||
cpu: 1
|
||||
memory: 5Gi
|
||||
# high memory should be allowed to handle package uploads
|
||||
memory: 1Gi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
@@ -170,7 +169,5 @@ postgresql:
|
||||
enabled: false
|
||||
postgresql-ha:
|
||||
enabled: false
|
||||
valkey:
|
||||
enabled: false
|
||||
valkey-cluster:
|
||||
redis-cluster:
|
||||
enabled: false
|
||||
|
||||
@@ -23,6 +23,6 @@ helmCharts:
|
||||
- name: gitea
|
||||
namespace: gitea # needs to be set explicitly for svc to be referenced correctly
|
||||
releaseName: gitea
|
||||
version: 12.1.2
|
||||
version: 10.6.0
|
||||
valuesFile: gitea.values.yaml
|
||||
repo: https://dl.gitea.io/charts/
|
||||
|
||||
@@ -10,6 +10,6 @@ namespace: metallb-system
|
||||
helmCharts:
|
||||
- name: metallb
|
||||
repo: https://metallb.github.io/metallb
|
||||
version: 0.15.2
|
||||
version: 0.14.8
|
||||
releaseName: metallb
|
||||
valuesFile: values.yaml
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: monitoring
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
# prometheus-operator crds
|
||||
- https://github.com/prometheus-operator/prometheus-operator?ref=v0.84.0
|
||||
# single prometheus instance with a thanos sidecar
|
||||
- prometheus.yaml
|
||||
- thanos-store.statefulset.yaml
|
||||
- thanos-query.deployment.yaml
|
||||
- thanos-objstore-config.sealedsecret.yaml
|
||||
|
||||
|
||||
images:
|
||||
- name: thanos
|
||||
newName: quay.io/thanos/thanos
|
||||
newTag: v0.39.2
|
||||
|
||||
|
||||
helmCharts:
|
||||
- name: loki
|
||||
releaseName: loki
|
||||
repo: https://grafana.github.io/helm-charts
|
||||
version: 6.34.0
|
||||
valuesFile: loki.values.yaml
|
||||
- name: prometheus-node-exporter
|
||||
releaseName: prometheus-node-exporter
|
||||
repo: https://prometheus-community.github.io/helm-charts
|
||||
version: 4.47.3
|
||||
valuesFile: prometheus-node-exporter.values.yaml
|
||||
@@ -1,86 +0,0 @@
|
||||
loki:
|
||||
commonConfig:
|
||||
replication_factor: 1
|
||||
schemaConfig:
|
||||
configs:
|
||||
- from: "2024-04-01"
|
||||
store: tsdb
|
||||
object_store: filesystem
|
||||
schema: v13
|
||||
index:
|
||||
prefix: loki_index_
|
||||
period: 24h
|
||||
auth_enabled: false
|
||||
pattern_ingester:
|
||||
enabled: true
|
||||
limits_config:
|
||||
allow_structured_metadata: true
|
||||
volume_enabled: true
|
||||
retention_period: 672h # 28 days retention
|
||||
ruler:
|
||||
enable_api: true
|
||||
storage:
|
||||
bucketNames:
|
||||
# don't care since we use the filesystem
|
||||
chunks: NOTUSED
|
||||
ruler: NOTUSED
|
||||
admin: NOTUSED
|
||||
|
||||
type: filesystem
|
||||
filesystem:
|
||||
chunks_directory: /var/loki/chunks
|
||||
rules_directory: /var/loki/rules
|
||||
admin_api_directory: /var/loki/admin
|
||||
|
||||
minio:
|
||||
enabled: false
|
||||
|
||||
deploymentMode: SingleBinary
|
||||
|
||||
singleBinary:
|
||||
replicas: 1
|
||||
persistence:
|
||||
# -- Enable StatefulSetAutoDeletePVC feature
|
||||
enableStatefulSetAutoDeletePVC: true
|
||||
# -- Enable persistent disk
|
||||
enabled: true
|
||||
# -- Size of persistent disk
|
||||
size: 10Gi
|
||||
# -- Storage class to be used.
|
||||
# If defined, storageClassName: <storageClass>.
|
||||
# If set to "-", storageClassName: "", which disables dynamic provisioning.
|
||||
# If empty or set to null, no storageClassName spec is
|
||||
# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS, and OpenStack).
|
||||
storageClass: nfs-client
|
||||
|
||||
|
||||
# -- Section for configuring optional Helm test
|
||||
helm:
|
||||
enabled: false
|
||||
|
||||
|
||||
# Zero out replica counts of other deployment modes
|
||||
backend:
|
||||
replicas: 0
|
||||
read:
|
||||
replicas: 0
|
||||
write:
|
||||
replicas: 0
|
||||
ingester:
|
||||
replicas: 0
|
||||
querier:
|
||||
replicas: 0
|
||||
queryFrontend:
|
||||
replicas: 0
|
||||
queryScheduler:
|
||||
replicas: 0
|
||||
distributor:
|
||||
replicas: 0
|
||||
compactor:
|
||||
replicas: 0
|
||||
indexGateway:
|
||||
replicas: 0
|
||||
bloomCompactor:
|
||||
replicas: 0
|
||||
bloomGateway:
|
||||
replicas: 0
|
||||
@@ -1,6 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: placeholder
|
||||
labels:
|
||||
pod-security.kubernetes.io/enforce: privileged
|
||||
@@ -1,18 +0,0 @@
|
||||
prometheus:
|
||||
monitor:
|
||||
enabled: true
|
||||
|
||||
jobLabel: "node-exporter"
|
||||
selectorOverride:
|
||||
app.kubernetes.io/name: prometheus-node-exporter
|
||||
app.kubernetes.io/part-of: prometheus-node-exporter
|
||||
|
||||
|
||||
|
||||
resources:
|
||||
limits:
|
||||
cpu: 200m
|
||||
memory: 50Mi
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 30Mi
|
||||
@@ -1,16 +0,0 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: thanos-objstore-config
|
||||
namespace: monitoring
|
||||
spec:
|
||||
encryptedData:
|
||||
thanos.yaml: AgAqlul2V1idfgbWvq/0ljSFlxOOsQmwlGd+jRvDDyi1nlR8woHrp7lW6AxJ/8mBtb5htCuJzLgx+HVrN/EN+fRn5xG3D5+8xs4jWBOQ49MgLSAjJavFPcVY5xiBpGaw/N8aotlbfv6Wa2/+cmiAzVDPwnOj5zCS/EU58Tu2YFeVSbMUlu0NFAeyBW0DVT2enuVLToP4Ge4T0U9F99NHOh2zlVG82iI+4RxCu/WBkOU/urVleGwCYkcr/ItmXiwRXbwnWUtEUf28Q4ArpuZXFkKZUMoIwOjkXgOn/ySBLVvf0yy1+WOcYAIX9ouxu6i4T1GAZO9RnKeMJOIyebI3EOMA2dxQFpQg2/XhhHz2Ds2oDX/yr7vXbZJGyiCvTnnFUvFALKWIjRXXWphdqHDk6iP8tFIKVFsn7UxgMVFRcs6DmcMpBgFOcjpHr4HFZap5G9hI3cscmkNfwU+JOXkDEGRpZkkECza4wlQln8Wptq1qa+I+DSclqLOcvoEvNCJCIIgh5tINJ0KiZcrBvymUZZ9VduH4TFHR/UQK7M7It892TDNUlIp2UDWiuQ2DJysOJXmvSiNo8PGWSyDJwKJPhaWqXz9RUsb4D8gq/a+0qC7DOICrJEUj7WL8dwaKoQa32Cf+wopwrjFWSE7pAfiBJo+Dqa9jHIDv2hVsdU8NXqiFK35XHyUT4i0KWc+UZg4ObotGxYMvRtJuc3S7ZGTJ4YKDP5iThuNSuNd1pd1YjirpvVtL2o5BYh2i55F3DfVREofYpBCjK1e43mHOwEUYZ7Ff6p1+S0PXZnkL53xHMiiW3yr0v1g2ZYk7vzkENb9epzm24fNX/4ZiJdb0glEJmB674bgDSeh9PA5q8nJIKk6vsbrzfaAYWIn5Ai9MPbAVfg9pPkMyy9ydd+SqecujkWm++4dHqB1WJUg=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: thanos-objstore-config
|
||||
namespace: monitoring
|
||||
type: Opaque
|
||||
@@ -9,6 +9,6 @@ namespace: pg-ha
|
||||
helmCharts:
|
||||
- name: cloudnative-pg
|
||||
releaseName: pg-controller
|
||||
version: 0.24.0
|
||||
version: 0.22.1
|
||||
valuesFile: values.yaml
|
||||
repo: https://cloudnative-pg.io/charts/
|
||||
|
||||
20
infrastructure/prometheus/kustomization.yaml
Normal file
20
infrastructure/prometheus/kustomization.yaml
Normal file
@@ -0,0 +1,20 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
|
||||
namespace: prometheus
|
||||
|
||||
resources:
|
||||
- namespace.yaml
|
||||
# prometheus-operator crds
|
||||
- https://github.com/prometheus-operator/prometheus-operator/releases/download/v0.70.0/bundle.yaml
|
||||
- prometheus.yaml
|
||||
- thanos-objstore-config.sealedsecret.yaml
|
||||
# thanos deployment from kube-thanos project
|
||||
- thanos-store.statefulset.yaml
|
||||
- thanos-query.deployment.yaml
|
||||
|
||||
|
||||
images:
|
||||
- name: thanos
|
||||
newName: quay.io/thanos/thanos
|
||||
newTag: v0.37.2
|
||||
@@ -39,7 +39,7 @@ roleRef:
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: prometheus
|
||||
namespace: monitoring # needs to be the same as in the kustomization.yaml
|
||||
namespace: prometheus # needs to be the same as in the kustomization.yaml
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: Prometheus
|
||||
@@ -0,0 +1,16 @@
|
||||
---
|
||||
apiVersion: bitnami.com/v1alpha1
|
||||
kind: SealedSecret
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: thanos-objstore-config
|
||||
namespace: prometheus
|
||||
spec:
|
||||
encryptedData:
|
||||
thanos.yaml: AgByW/LKzPh0QeNsHR8Us4bJ/0chIQErhfh5plY1tjqiZyNLlxZ+NygYYzVggW02k4gAsKs68trbLBbeTTEhpKYP8hUphNb13lrgp07wYpOQjUF57i6RjPM2QNJpO0qLSk/nOPIOtR3XKn+nXxdJDmh3j5y0zxVz5O7MLh7adwOaHlyWTLMJjI1cda8YljDp2FYs24lHHMw4gXAYUecGDJNQqw5Xy9IiGh8kBbcKe3j6bVCj1yxPbHszmvZ2s+Q+mnndXnoeLMhwjZhMF8/PETxmSZ2bs41k3lHm/2rcPQCJsl9CuJEGKhu6ndKrVhtury4/US/FheEOoGF0YZk/AQMHII/mxy8haPNxtQTDs4rfYz/BA8cMMZll44wxOY9gAOmhm3sG6GI9wcB1Z65p98xSuDaInknO80l07vwMAAvmrZbT53Fmefrxl+jE1pImcGEsL0MfP621nTXlOBW9keF+6aUOubrwjPKKSXdqZU21acNbaIeRQSJyaOBStAKLfnPFmaryGisgNu0hCk/WmszZ0/s/ilvdMdAD6kKoiKL/NWfXtHATh/fnd76bKfSzNQk6e+WWfomToYVU0HRgAaWnIzjB9Q4tjxkbRwteEodU+K1BvD4xQ0sfQB2vHlDjQGC3pjIUFCWG0SzQGb7oe6+X2CJpcNIBHwF661iELJpJkg8dLsPtwb+8Rj6BL+ZtyVKYv18nDNON0WVpwJb/IHHSmxfYD5b/q6fATCFj55IXK5Nr4VO65a2Sv5Iv0/TTUVkwb8dkMmwfs5qcQiZ4oKWx8Ol6GkjDZrFARUtHQ/9KiZ9xDj3tPic2TeQfKr27sgc4lEL8RSxaRKHkkxIAioea3YgFfBm7ZfoxMlzJnQ1vI2vDvJcRXhWKSGdXiKOddwLSVMZFsSRRi9AxH87Sjt7j1wvsA7xgBqc=
|
||||
template:
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: thanos-objstore-config
|
||||
namespace: prometheus
|
||||
type: Opaque
|
||||
@@ -3,7 +3,7 @@ kind: CronJob
|
||||
metadata:
|
||||
name: renovate
|
||||
spec:
|
||||
schedule: '0 */2 * * *'
|
||||
schedule: '0,30 * * * *'
|
||||
concurrencyPolicy: Forbid
|
||||
jobTemplate:
|
||||
spec:
|
||||
|
||||
@@ -11,4 +11,4 @@ resources:
|
||||
images:
|
||||
- name: renovate/renovate
|
||||
newName: renovate/renovate
|
||||
newTag: "41"
|
||||
newTag: "39"
|
||||
|
||||
@@ -9,4 +9,4 @@ resources:
|
||||
images:
|
||||
- name: controller
|
||||
newName: docker.io/bitnami/sealed-secrets-controller
|
||||
newTag: 0.30.0
|
||||
newTag: 0.27.3
|
||||
|
||||
@@ -13,6 +13,6 @@ namespace: traefik-system
|
||||
helmCharts:
|
||||
- name: traefik
|
||||
releaseName: traefik
|
||||
version: 36.3.0
|
||||
version: 33.2.1
|
||||
valuesFile: values.yaml
|
||||
repo: https://traefik.github.io/charts
|
||||
|
||||
@@ -1,18 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: kitchenowl-application
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: apps
|
||||
source:
|
||||
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
|
||||
targetRevision: main
|
||||
path: apps/kitchenowl/
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: kitchenowl
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
@@ -1,4 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- application.yaml
|
||||
@@ -20,7 +20,7 @@ resources:
|
||||
- traefik/
|
||||
- external-dns/
|
||||
- external-services/
|
||||
- monitoring/application.yaml
|
||||
- prometheus/application.yaml
|
||||
- authelia/
|
||||
|
||||
# simple apps
|
||||
@@ -29,18 +29,16 @@ resources:
|
||||
- eth-physics/
|
||||
- files/
|
||||
- finance/
|
||||
- grafana/
|
||||
- homeassistant/
|
||||
- immich/
|
||||
- journal/
|
||||
- kitchenowl/
|
||||
- linkding/
|
||||
- media/
|
||||
- minecraft/application.yaml
|
||||
- monitoring/
|
||||
- ntfy/
|
||||
- paperless/
|
||||
- recipes/
|
||||
- rss/
|
||||
- stump/
|
||||
- todos/
|
||||
- whoami/
|
||||
- todos/
|
||||
|
||||
@@ -3,13 +3,12 @@ kind: Application
|
||||
metadata:
|
||||
name: monitoring-application
|
||||
namespace: argocd
|
||||
|
||||
spec:
|
||||
project: infrastructure
|
||||
project: apps
|
||||
source:
|
||||
repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git
|
||||
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
|
||||
targetRevision: main
|
||||
path: infrastructure/monitoring
|
||||
path: apps/monitoring
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: monitoring
|
||||
@@ -17,6 +16,3 @@ spec:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- Replace=true
|
||||
# because the prometheus-operator CRDs are too large
|
||||
|
||||
@@ -1,20 +1,22 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: grafana-application
|
||||
name: prometheus-application
|
||||
namespace: argocd
|
||||
|
||||
spec:
|
||||
project: apps
|
||||
project: infrastructure
|
||||
source:
|
||||
repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
|
||||
repoURL: git@github.com:moll-re/bootstrap-k3s-infra.git
|
||||
targetRevision: main
|
||||
path: apps/grafana
|
||||
path: infrastructure/prometheus
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: grafana
|
||||
namespace: monitoring
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
syncOptions:
|
||||
- Replace=true
|
||||
- Replace=true
|
||||
# because the prom crds exceed the default 256Ki limit
|
||||
@@ -1,18 +0,0 @@
|
||||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: stump-application
|
||||
|
||||
spec:
|
||||
project: apps
|
||||
destination:
|
||||
server: https://kubernetes.default.svc
|
||||
namespace: stump
|
||||
syncPolicy:
|
||||
automated:
|
||||
prune: true
|
||||
selfHeal: true
|
||||
sources:
|
||||
- repoURL: ssh://git@git.kluster.moll.re:2222/remoll/k3s-infra.git
|
||||
targetRevision: main
|
||||
path: apps/stump
|
||||
@@ -1,4 +0,0 @@
|
||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- application.yaml
|
||||
@@ -1,14 +1,4 @@
|
||||
{
|
||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||
"dependencyDashboard": true,
|
||||
"extends": [
|
||||
"local>remoll/k3s-infra//apps/immich/renovate.json"
|
||||
],
|
||||
"packageRules": [
|
||||
{
|
||||
"matchUpdateTypes": ["patch"],
|
||||
"automerge": true,
|
||||
"ignoreTests": true
|
||||
}
|
||||
]
|
||||
"dependencyDashboard": true
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user