stuff

.archive/kubernetes/cloudnative-pg/cluster/cluster17.yaml → .archive/kubernetes/cloudnative-pg/cluster/cluster16.yaml

@@ -4,8 +4,8 @@ kind: Cluster
 metadata:
   name: postgres17
 spec:
-  instances: 4 # set to the number of nodes in the cluster
-  imageName: ghcr.io/cloudnative-pg/postgresql:17.2-27@sha256:9308dcd778be66f56bdce8503916ab820d12420e7d1bc74fff0d663c95e126c3
+  instances: 1
+  imageName: ghcr.io/cloudnative-pg/postgresql:16.2
   primaryUpdateStrategy: unsupervised
   storage:
     size: 50Gi
@@ -41,7 +41,7 @@ spec:
       endpointURL: &url https://s3.${SECRET_INTERNAL_DOMAIN}
       # Note: serverName version needs to be inclemented
       # when recovering from an existing cnpg cluster
-      serverName: postgres17-v1
+      serverName: postgres16-v5
       s3Credentials: &credentials
         accessKeyId:
           name: cloudnative-pg-secret

.archive/kubernetes/cloudnative-pg/cluster/kustomization.yaml

@@ -4,7 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: default
 resources:
-  - ./cluster17.yaml
+  - ./cluster16.yaml
   - ./pgdump
   - ./prometheusrule.yaml
   - ./scheduledbackup.yaml

.taskfiles/kubernetes/Taskfile.yaml

@@ -19,8 +19,8 @@ tasks:
             "containers": [
               {
                 "name": "debug",
-                "image": "ghcr.io/onedr0p/alpine:rolling",
-                "command": ["/bin/bash"],
+                "image": "cgr.dev/chainguard/wolfi-base",
+                "command": ["sleep","9999999"],
                 "stdin": true,
                 "stdinOnce": true,
                 "tty": true,
@@ -44,8 +44,8 @@ tasks:
           }
         }'
     requires:
-      vars: ["claim"]
+      vars: [claim]
     vars:
       ns: '{{.ns | default "default"}}'
     preconditions:
-      - { msg: "PVC not found", sh: "kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}}" }
+      - { msg: PVC not found, sh: "kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}}" }

.taskfiles/volsync/Taskfile.yaml

@@ -19,8 +19,8 @@ x-env: &env
   ts: '{{.ts}}'
 
 vars:
-  scriptsDir: '{{.ROOT_DIR}}/.taskfiles/VolSync/scripts'
-  templatesDir: '{{.ROOT_DIR}}/.taskfiles/VolSync/templates'
+  scriptsDir: '{{.ROOT_DIR}}/.taskfiles/volsync/scripts'
+  templatesDir: '{{.ROOT_DIR}}/.taskfiles/volsync/templates'
   ts: '{{now | date "150405"}}'
 
 tasks:

kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml

@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@@ -25,7 +25,7 @@ spec:
     substitute:
       APP: *app
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

kubernetes/apps/cert-manager/cert-manager/ks.yaml

@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:
@@ -23,7 +23,7 @@ spec:
     substitute:
       APP: *app
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

kubernetes/apps/database/crunchy-postgres-operator/cluster/cluster.yaml

@@ -10,7 +10,7 @@ spec:
   metadata:
     labels:
       crunchy-userinit.ramblurr.github.com/enabled: "true"
-      crunchy-userinit.ramblurr.github.com/superuser: "postgres"
+      crunchy-userinit.ramblurr.github.com/superuser: postgres
 
   patroni: # turn on sync writes to at least 1 other replica
     dynamicConfiguration:
@@ -28,7 +28,7 @@ spec:
       metadata:
         labels:
           app.kubernetes.io/name: crunchy-postgres
-      replicas: &replica 3
+      replicas: &replica 2
       dataVolumeClaimSpec:
         storageClassName: openebs-hostpath
         accessModes:
@@ -38,8 +38,8 @@ spec:
             storage: 80Gi
       topologySpreadConstraints:
         - maxSkew: 1
-          topologyKey: "kubernetes.io/hostname"
-          whenUnsatisfiable: "DoNotSchedule"
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: DoNotSchedule
           labelSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: *name
@@ -50,14 +50,23 @@ spec:
     - name: postgres
       databases:
         - postgres
-      options: "SUPERUSER"
+      options: SUPERUSER
       password: &password
         type: AlphaNumeric
     # Applications
     - name: authelia
       databases:
         - authelia
       password: *password
+    - name: babybuddy
+      databases:
+        - babybuddy
+      password: *password
+    - name: bazarr
+      databases:
+        - bazarr_main
+        - bazarr_log
+      password: *password
     - name: ghostfolio
       databases:
         - ghostfolio
@@ -70,6 +79,15 @@ spec:
       databases:
         - joplin
       password: *password
+    - name: lldap
+      databases:
+        - lldap
+      password: *password
+    - name: lidarr
+      databases:
+        - lidarr_main
+        - lidarr_log
+      password: *password
     - name: lychee
       databases:
         - lychee
@@ -82,40 +100,47 @@ spec:
       databases:
         - paperless
       password: *password
+    - name: prowlarr
+      databases:
+        - prowlarr_main
+        - prowlarr_logs
+      password: *password
     - name: pushover-notifier
       databases:
         - pushover-notifier
       password: *password
-    - name: tandoor
+    - name: radarr
       databases:
-        - tandoor
+        - radarr_main
+        - radarr_log
       password: *password
-    - name: vaultwarden
+    - name: sonarr
       databases:
-        - vaultwarden
+        - sonarr_main
+        - sonarr_log
       password: *password
-    - name: vikunja
+    - name: tandoor
       databases:
-        - vikunja
+        - tandoor
       password: *password
-    - name: windmill
+    - name: vikunja
       databases:
-        - windmill
+        - vikunja
       password: *password
   backups:
     pgbackrest:
       configuration: &backupConfig
         - secret:
             name: crunchy-postgres-secret
       global: &backupFlag
-        compress-type: "bz2"
+        compress-type: bz2
         compress-level: "9"
         # Minio
-        repo1-block: "y"
-        repo1-bundle: "y"
+        repo1-block: y
+        repo1-bundle: y
         repo1-path: /crunchy-pgo
         repo1-retention-full: "30" # days
-        repo1-retention-full-type: "time"
+        repo1-retention-full-type: time
         repo1-s3-uri-style: path
       manual:
         repoName: repo1
@@ -127,13 +152,13 @@ spec:
       repos:
         - name: repo1 # Minio
           s3: &minio
-            bucket: crunchy-postgres
+            bucket: crunchy-postgres-operator
             endpoint: "s3.${SECRET_INTERNAL_DOMAIN}"
             region: us-east-1
           schedules:
-            full: "0 1 * * 0" # Sunday at 01:00
-            differential: "0 1 * * 1-6" # Mon-Sat at 01:00
-            incremental: "0 2-23 * * *" # Every hour except 01:00
+            full: 0 1 * * 0 # Sunday at 01:00
+            differential: 0 1 * * 1-6 # Mon-Sat at 01:00
+            incremental: 0 2-23 * * * # Every hour except 01:00
 
   # dataSource:
   #   pgbackrest:
@@ -168,14 +193,14 @@ spec:
           app.kubernetes.io/name: crunchy-postgres-pgbouncer
       config:
         global:
-          pool_mode: "session" # Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction
+          pool_mode: session # Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction
           client_tls_sslmode: prefer
           default_pool_size: "100"
           max_client_conn: "500"
       topologySpreadConstraints:
         - maxSkew: 1
-          topologyKey: "kubernetes.io/hostname"
-          whenUnsatisfiable: "DoNotSchedule"
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: DoNotSchedule
           labelSelector:
             matchLabels:
               postgres-operator.crunchydata.com/cluster: *name

kubernetes/apps/database/crunchy-postgres-operator/ks.yaml

@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

kubernetes/apps/database/crunchy-postgres-operator/pgadmin/ingress.yaml

@@ -0,0 +1,33 @@
+---
+# trunk-ignore(checkov/CKV_K8S_21)
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pgadmin
+  annotations:
+          hajimari.io/icon: mdi:database
+          gethomepage.dev/enabled: "true"
+          gethomepage.dev/name: pgAdmin
+          gethomepage.dev/description: PostgreSQL management tool.
+          gethomepage.dev/group: Infrrastructure
+          gethomepage.dev/icon: pgadmin.png
+          gethomepage.dev/pod-selector: >-
+            app in (
+              pgadmin
+            )
+spec:
+  ingressClassName: internal
+  tls:
+    - hosts:
+        - &host pgadmin.${SECRET_EXTERNAL_DOMAIN}
+  rules:
+    - host: *host
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: pgadmin
+                port:
+                  number: 5050

kubernetes/apps/database/crunchy-postgres-operator/pgadmin/kustomization.yaml

@@ -4,4 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - ./externalsecret.yaml
+  - ./ingress.yaml
   - ./pgadmin.yaml
+  - ./service.yaml

kubernetes/apps/database/crunchy-postgres-operator/pgadmin/pgadmin.yaml

@@ -12,11 +12,11 @@ spec:
       key: PGADMIN_PASSWORD
   dataVolumeClaimSpec:
     accessModes:
-    - "ReadWriteOnce"
+    - ReadWriteOnce
     resources:
       requests:
         storage: 1Gi
   serverGroups:
-  - name: supply
-    postgresClusterSelector: {}
-  # serviceName: "my-service"
+    - name: supply
+      postgresClusterSelector: {}
+  serviceName: pgadmin

kubernetes/apps/database/crunchy-postgres-operator/pgadmin/service.yaml

@@ -0,0 +1,14 @@
+---
+# trunk-ignore(checkov/CKV_K8S_21)
+apiVersion: v1
+kind: Service
+metadata:
+  name: pgadmin
+spec:
+  type: ClusterIP
+  ports:
+  - name: pgadmin-port
+    port: 5050
+    protocol: TCP
+  selector:
+    postgres-operator.crunchydata.com/pgadmin: pgadmin

kubernetes/apps/database/emqx/ks.yaml

@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

kubernetes/apps/default/authelia/ks.yaml

@@ -1,5 +1,5 @@
 ---
-# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
 metadata:

kubernetes/apps/default/babybuddy/app/externalsecret.yaml

@@ -14,8 +14,29 @@ spec:
       engineVersion: v2
       data:
         SECRET_KEY: "{{ .BABYBUDDY_SECRET_KEY }}"
-        INIT_GRANT_SCHEMA_PUBLIC: "true"
-
   dataFrom:
     - extract:
         key: babybuddy
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: babybuddy-db
+spec:
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: crunchy-pgo-secrets
+  target:
+    name: babybuddy-db-secret
+    template:
+      engineVersion: v2
+      data:
+        DB_NAME: '{{ index . "dbname" }}'
+        DB_HOST: '{{ index . "host" }}'
+        DB_PORT: '{{ index . "port" }}'
+        DB_USER: '{{ index . "user" }}'
+        DB_PASS: '{{ index . "password" }}'
+        INIT_GRANT_SCHEMA_PUBLIC: "true"
+  dataFrom:
+    - extract:
+        key: postgres-pguser-babybuddy