From 27af7d66c1bc79f2d6b0bb9f4b1ff581fc0e6c41 Mon Sep 17 00:00:00 2001 
From: auricom <27022259+auricom@users.noreply.github.com>
Date: Sun, 5 Jan 2025 14:35:38 +0100
Subject: [PATCH] stuff
---
.../{cluster17.yaml => cluster16.yaml} | 6 +-
.../cloudnative-pg/cluster/kustomization.yaml | 2 +-
.../kubernetes}/thanos/app/helmrelease.yaml | 0
.../kubernetes}/thanos/app/kustomization.yaml | 0
.../thanos/app/objectbucketclaim.yaml | 0
.../kubernetes}/thanos/app/pushsecret.yaml | 0
.../kubernetes}/thanos/app/readme.md | 0
.../thanos/app/resources/cache.yaml | 0
.../kubernetes}/thanos/ks.yaml | 0
.taskfiles/kubernetes/Taskfile.yaml | 8 +-
.taskfiles/volsync/Taskfile.yaml | 4 +-
.../actions-runner-controller/ks.yaml | 4 +-
.../apps/cert-manager/cert-manager/ks.yaml | 4 +-
.../cluster/cluster.yaml | 73 +++++++++++++------
.../crunchy-postgres-operator/ks.yaml | 2 +-
.../pgadmin/ingress.yaml | 33 +++++++++
.../pgadmin/kustomization.yaml | 2 +
.../pgadmin/pgadmin.yaml | 8 +-
.../pgadmin/service.yaml | 14 ++++
kubernetes/apps/database/emqx/ks.yaml | 2 +-
kubernetes/apps/default/authelia/ks.yaml | 2 +-
.../default/babybuddy/app/externalsecret.yaml | 25 ++++++-
.../default/babybuddy/app/helmrelease.yaml | 28 ++++++-
kubernetes/apps/default/babybuddy/ks.yaml | 5 +-
.../default/bazarr/app/externalsecret.yaml | 23 ++++++
.../apps/default/bazarr/app/helmrelease.yaml | 19 +++--
kubernetes/apps/default/bazarr/ks.yaml | 4 +-
kubernetes/apps/default/calibre/ks.yaml | 2 +-
.../exercisediary/app/helmrelease.yaml | 9 ++-
kubernetes/apps/default/exercisediary/ks.yaml | 2 +-
kubernetes/apps/default/flaresolverr/ks.yaml | 2 +-
kubernetes/apps/default/flood/ks.yaml | 2 +-
kubernetes/apps/default/freshrss/ks.yaml | 2 +-
kubernetes/apps/default/frigate/ks.yaml | 2 +-
kubernetes/apps/default/ghostfolio/ks.yaml | 2 +-
kubernetes/apps/default/hajimari/ks.yaml | 2 +-
.../apps/default/home-assistant/ks.yaml | 4 +-
kubernetes/apps/default/homebox/ks.yaml | 2 +-
kubernetes/apps/default/homepage/ks.yaml | 2 +-
kubernetes/apps/default/jellyfin/ks.yaml | 2 +-
.../default/joplin/app/externalsecret.yaml | 4 +-
.../apps/default/joplin/app/helmrelease.yaml | 1 -
kubernetes/apps/default/joplin/ks.yaml | 2 +-
kubernetes/apps/default/komf/ks.yaml | 2 +-
kubernetes/apps/default/komga/ks.yaml | 2 +-
.../default/libmedium/app/config/config.toml | 2 +-
.../default/libmedium/app/helmrelease.yaml | 2 +-
kubernetes/apps/default/libmedium/ks.yaml | 2 +-
.../default/lidarr/app/externalsecret.yaml | 23 ++++++
.../apps/default/lidarr/app/helmrelease.yaml | 22 +++---
kubernetes/apps/default/lidarr/ks.yaml | 3 +-
kubernetes/apps/default/linkding/ks.yaml | 2 +-
.../default/lldap/app/externalsecret.yaml | 19 ++++-
.../apps/default/lldap/app/helmrelease.yaml | 6 +-
.../apps/default/lldap/app/kustomization.yaml | 1 -
kubernetes/apps/default/lldap/ks.yaml | 5 +-
kubernetes/apps/default/lms/ks.yaml | 2 +-
.../apps/default/lychee/app/helmrelease.yaml | 24 +++++-
kubernetes/apps/default/lychee/ks.yaml | 2 +-
.../apps/default/music-transcode/ks.yaml | 2 +-
kubernetes/apps/default/navidrome/ks.yaml | 2 +-
kubernetes/apps/default/outline/ks.yaml | 2 +-
kubernetes/apps/default/paperless/ks.yaml | 2 +-
.../default/prowlarr/app/externalsecret.yaml | 38 ++++++----
.../default/prowlarr/app/helmrelease.yaml | 28 +++----
.../default/prowlarr/app/kustomization.yaml | 1 -
kubernetes/apps/default/prowlarr/ks.yaml | 3 +-
kubernetes/apps/default/qbittorrent/ks.yaml | 2 +-
.../default/radarr/app/externalsecret.yaml | 38 ++++++----
.../apps/default/radarr/app/helmrelease.yaml | 30 ++++----
kubernetes/apps/default/radarr/ks.yaml | 3 +-
kubernetes/apps/default/readeck/ks.yaml | 2 +-
kubernetes/apps/default/recyclarr/ks.yaml | 2 +-
kubernetes/apps/default/redlib/ks.yaml | 2 +-
kubernetes/apps/default/sabnzbd/ks.yaml | 2 +-
.../default/sharry/app/config/sharry.conf | 2 +-
kubernetes/apps/default/sharry/ks.yaml | 2 +-
kubernetes/apps/default/smtp-relay/ks.yaml | 2 +-
.../default/sonarr/app/externalsecret.yaml | 26 ++++++-
.../apps/default/sonarr/app/helmrelease.yaml | 29 ++++----
kubernetes/apps/default/sonarr/ks.yaml | 3 +-
kubernetes/apps/default/tandoor/ks.yaml | 2 +-
kubernetes/apps/default/tdarr/ks.yaml | 4 +-
kubernetes/apps/default/unifi/ks.yaml | 2 +-
kubernetes/apps/default/vaultwarden/ks.yaml | 2 +-
kubernetes/apps/default/vikunja/ks.yaml | 2 +-
kubernetes/apps/default/zigbee2mqtt/ks.yaml | 2 +-
kubernetes/apps/default/zwave-js-ui/ks.yaml | 2 +-
kubernetes/apps/flux-system/addons/ks.yaml | 6 +-
kubernetes/apps/kube-system/cilium/ks.yaml | 4 +-
kubernetes/apps/kube-system/coredns/ks.yaml | 2 +-
.../apps/kube-system/descheduler/ks.yaml | 2 +-
.../apps/kube-system/external-secrets/ks.yaml | 4 +-
.../kube-system/intel-device-plugin/ks.yaml | 4 +-
kubernetes/apps/kube-system/k8s-ycl/ks.yaml | 2 +-
.../kube-system/kubelet-csr-approver/ks.yaml | 2 +-
.../apps/kube-system/metrics-server/ks.yaml | 2 +-
.../node-feature-discovery/ks.yaml | 4 +-
kubernetes/apps/kube-system/reloader/ks.yaml | 2 +-
.../kube-system/snapshot-controller/ks.yaml | 2 +-
kubernetes/apps/kube-system/spegel/ks.yaml | 2 +-
kubernetes/apps/network/external-dns/ks.yaml | 2 +-
kubernetes/apps/network/k8s-gateway/ks.yaml | 2 +-
.../network/nginx/external/helmrelease.yaml | 6 +-
.../network/nginx/internal/helmrelease.yaml | 34 ++++-----
kubernetes/apps/network/nginx/ks.yaml | 6 +-
kubernetes/apps/ngnode/landing-page/ks.yaml | 4 +-
kubernetes/apps/observability/apprise/ks.yaml | 2 +-
kubernetes/apps/observability/gatus/ks.yaml | 2 +-
.../grafana/app/helmrelease.yaml | 38 +---------
kubernetes/apps/observability/grafana/ks.yaml | 2 +-
.../app/helmrelease.yaml | 35 +++------
.../crds/helmrelease.yaml | 23 ++++++
.../crds/kustomization.yaml | 6 ++
.../kube-prometheus-stack/ks.yaml | 26 ++++++-
.../apps/observability/kustomization.yaml | 1 -
.../apps/observability/mailrise/ks.yaml | 2 +-
.../apps/observability/scrutiny/ks.yaml | 4 +-
.../rook-ceph/rook-ceph/app/helmrelease.yaml | 4 +-
kubernetes/apps/rook-ceph/rook-ceph/ks.yaml | 6 +-
kubernetes/apps/volsync/volsync/ks.yaml | 2 +-
kubernetes/flux/apps.yaml | 2 +-
kubernetes/flux/config/cluster.yaml | 2 +-
kubernetes/flux/config/flux.yaml | 2 +-
kubernetes/flux/vars/cluster-settings.yaml | 2 +-
kubernetes/talos/cluster-0/talconfig.yaml | 2 +-
126 files changed, 582 insertions(+), 341 deletions(-)
rename .archive/kubernetes/cloudnative-pg/cluster/{cluster17.yaml => cluster16.yaml} (88%)
rename {kubernetes/apps/observability => .archive/kubernetes}/thanos/app/helmrelease.yaml (100%)
rename {kubernetes/apps/observability => .archive/kubernetes}/thanos/app/kustomization.yaml (100%)
rename {kubernetes/apps/observability => .archive/kubernetes}/thanos/app/objectbucketclaim.yaml (100%)
rename {kubernetes/apps/observability => .archive/kubernetes}/thanos/app/pushsecret.yaml (100%)
rename {kubernetes/apps/observability => .archive/kubernetes}/thanos/app/readme.md (100%)
rename {kubernetes/apps/observability => .archive/kubernetes}/thanos/app/resources/cache.yaml (100%)
rename {kubernetes/apps/observability => .archive/kubernetes}/thanos/ks.yaml (100%)
create mode 100644 kubernetes/apps/database/crunchy-postgres-operator/pgadmin/ingress.yaml
create mode 100644 kubernetes/apps/database/crunchy-postgres-operator/pgadmin/service.yaml
create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/crds/helmrelease.yaml
create mode 100644 kubernetes/apps/observability/kube-prometheus-stack/crds/kustomization.yaml
diff --git a/.archive/kubernetes/cloudnative-pg/cluster/cluster17.yaml b/.archive/kubernetes/cloudnative-pg/cluster/cluster16.yaml
similarity index 88%
rename from .archive/kubernetes/cloudnative-pg/cluster/cluster17.yaml
rename to .archive/kubernetes/cloudnative-pg/cluster/cluster16.yaml
index c7279c9e90..3941b41209 100644
--- a/.archive/kubernetes/cloudnative-pg/cluster/cluster17.yaml
+++ b/.archive/kubernetes/cloudnative-pg/cluster/cluster16.yaml
@@ -4,8 +4,8 @@ kind: Cluster metadata: name: postgres17 spec: - instances: 4 # set to the number of nodes in the cluster - imageName: ghcr.io/cloudnative-pg/postgresql:17.2-27@sha256:9308dcd778be66f56bdce8503916ab820d12420e7d1bc74fff0d663c95e126c3 + instances: 1 + imageName: ghcr.io/cloudnative-pg/postgresql:16.2 primaryUpdateStrategy: unsupervised storage: size: 50Gi @@ -41,7 +41,7 @@ spec: endpointURL: &url https://s3.${SECRET_INTERNAL_DOMAIN} # Note: serverName version needs to be inclemented # when recovering from an existing cnpg cluster - serverName: postgres17-v1 + serverName: postgres16-v5 s3Credentials: &credentials accessKeyId: name: cloudnative-pg-secret diff --git a/.archive/kubernetes/cloudnative-pg/cluster/kustomization.yaml b/.archive/kubernetes/cloudnative-pg/cluster/kustomization.yaml index 08d7ff7e51..cf401b2570 100644 --- a/.archive/kubernetes/cloudnative-pg/cluster/kustomization.yaml +++ b/.archive/kubernetes/cloudnative-pg/cluster/kustomization.yaml @@ -4,7 +4,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: default resources: - - ./cluster17.yaml + - ./cluster16.yaml - ./pgdump - ./prometheusrule.yaml - ./scheduledbackup.yaml diff --git a/kubernetes/apps/observability/thanos/app/helmrelease.yaml b/.archive/kubernetes/thanos/app/helmrelease.yaml similarity index 100% rename from kubernetes/apps/observability/thanos/app/helmrelease.yaml rename to .archive/kubernetes/thanos/app/helmrelease.yaml diff --git a/kubernetes/apps/observability/thanos/app/kustomization.yaml b/.archive/kubernetes/thanos/app/kustomization.yaml similarity index 100% rename from kubernetes/apps/observability/thanos/app/kustomization.yaml rename to .archive/kubernetes/thanos/app/kustomization.yaml 
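Review bot: The archived Cluster ends up with mixed identifiers: `metadata.name` stays `postgres17` in the context of the `@@ -4,8 +4,8 @@` hunk while `imageName` moves to `postgresql:16.2` and, in the `@@ -41,7 +41,7 @@` hunk, `serverName` becomes `postgres16-v5`. The new `imageName` also drops the `@sha256:` digest the removed line carried, so the tag is mutable if this manifest is ever restored from `.archive`. If the file is kept as the reference for the 16.x cluster, I would make the name consistent (`name: postgres16`) and keep a digest, e.g. `imageName: ghcr.io/cloudnative-pg/postgresql:16.2@sha256:<digest>`. The spec continues outside both hunks.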
diff --git a/kubernetes/apps/observability/thanos/app/objectbucketclaim.yaml b/.archive/kubernetes/thanos/app/objectbucketclaim.yaml similarity index 100% rename from kubernetes/apps/observability/thanos/app/objectbucketclaim.yaml rename to .archive/kubernetes/thanos/app/objectbucketclaim.yaml diff --git a/kubernetes/apps/observability/thanos/app/pushsecret.yaml b/.archive/kubernetes/thanos/app/pushsecret.yaml similarity index 100% rename from kubernetes/apps/observability/thanos/app/pushsecret.yaml rename to .archive/kubernetes/thanos/app/pushsecret.yaml diff --git a/kubernetes/apps/observability/thanos/app/readme.md b/.archive/kubernetes/thanos/app/readme.md similarity index 100% rename from kubernetes/apps/observability/thanos/app/readme.md rename to .archive/kubernetes/thanos/app/readme.md diff --git a/kubernetes/apps/observability/thanos/app/resources/cache.yaml b/.archive/kubernetes/thanos/app/resources/cache.yaml similarity index 100% rename from kubernetes/apps/observability/thanos/app/resources/cache.yaml rename to .archive/kubernetes/thanos/app/resources/cache.yaml diff --git a/kubernetes/apps/observability/thanos/ks.yaml b/.archive/kubernetes/thanos/ks.yaml similarity index 100% rename from kubernetes/apps/observability/thanos/ks.yaml rename to .archive/kubernetes/thanos/ks.yaml diff --git a/.taskfiles/kubernetes/Taskfile.yaml b/.taskfiles/kubernetes/Taskfile.yaml index 9be2f9b3a7..4eb36f3895 100644 --- a/.taskfiles/kubernetes/Taskfile.yaml +++ b/.taskfiles/kubernetes/Taskfile.yaml @@ -19,8 +19,8 @@ tasks: "containers": [ { "name": "debug", - "image": "ghcr.io/onedr0p/alpine:rolling", - "command": ["/bin/bash"], + "image": "cgr.dev/chainguard/wolfi-base", + "command": ["sleep","9999999"], "stdin": true, "stdinOnce": true, "tty": true, 
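Review bot: The debug container image `cgr.dev/chainguard/wolfi-base` in the `@@ -19,8 +19,8 @@` hunk has no tag or digest, so every run pulls whatever the registry currently serves into a pod that, judging by the `claim` variable and the PVC precondition in the following hunk, mounts application data. Pin it, e.g. `"image": "cgr.dev/chainguard/wolfi-base@sha256:<digest>"`. With `"command": ["sleep","9999999"]` the container also no longer exits when the interactive shell does; the kubectl invocation is outside this hunk, so please confirm it deletes the pod afterwards, otherwise the debug pod keeps the volume attached for months.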
@@ -44,8 +44,8 @@ tasks: } }' requires: - vars: ["claim"] + vars: [claim] vars: ns: '{{.ns | default "default"}}' preconditions: - - { msg: "PVC not found", sh: "kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}}" } + - { msg: PVC not found, sh: "kubectl -n {{.ns}} get persistentvolumeclaim {{.claim}}" } diff --git a/.taskfiles/volsync/Taskfile.yaml b/.taskfiles/volsync/Taskfile.yaml index 4f2aa16920..06efb3e404 100644 --- a/.taskfiles/volsync/Taskfile.yaml +++ b/.taskfiles/volsync/Taskfile.yaml @@ -19,8 +19,8 @@ x-env: &env ts: '{{.ts}}' vars: - scriptsDir: '{{.ROOT_DIR}}/.taskfiles/VolSync/scripts' - templatesDir: '{{.ROOT_DIR}}/.taskfiles/VolSync/templates' + scriptsDir: '{{.ROOT_DIR}}/.taskfiles/volsync/scripts' + templatesDir: '{{.ROOT_DIR}}/.taskfiles/volsync/templates' ts: '{{now | date "150405"}}' tasks: diff --git a/kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml b/kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml index 081fff50ae..845488979b 100644 --- a/kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml +++ b/kubernetes/apps/actions-runner-system/actions-runner-controller/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -25,7 +25,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
diff --git a/kubernetes/apps/cert-manager/cert-manager/ks.yaml b/kubernetes/apps/cert-manager/cert-manager/ks.yaml index 9eb4a1af41..f0c4f294d3 100644 --- a/kubernetes/apps/cert-manager/cert-manager/ks.yaml +++ b/kubernetes/apps/cert-manager/cert-manager/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -23,7 +23,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/database/crunchy-postgres-operator/cluster/cluster.yaml b/kubernetes/apps/database/crunchy-postgres-operator/cluster/cluster.yaml index e556981e37..5f1ad03000 100644 --- a/kubernetes/apps/database/crunchy-postgres-operator/cluster/cluster.yaml +++ b/kubernetes/apps/database/crunchy-postgres-operator/cluster/cluster.yaml @@ -10,7 +10,7 @@ spec: metadata: labels: crunchy-userinit.ramblurr.github.com/enabled: "true" - crunchy-userinit.ramblurr.github.com/superuser: "postgres" + crunchy-userinit.ramblurr.github.com/superuser: postgres patroni: # turn on sync writes to at least 1 other replica dynamicConfiguration: @@ -28,7 +28,7 @@ spec: metadata: labels: app.kubernetes.io/name: crunchy-postgres - replicas: &replica 3 + replicas: &replica 2 dataVolumeClaimSpec: storageClassName: openebs-hostpath accessModes: 
@@ -38,8 +38,8 @@ spec: storage: 80Gi topologySpreadConstraints: - maxSkew: 1 - topologyKey: "kubernetes.io/hostname" - whenUnsatisfiable: "DoNotSchedule" + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: postgres-operator.crunchydata.com/cluster: *name @@ -50,7 +50,7 @@ spec: - name: postgres databases: - postgres - options: "SUPERUSER" + options: SUPERUSER password: &password type: AlphaNumeric # Applications @@ -58,6 +58,15 @@ spec: databases: - authelia password: *password + - name: babybuddy + databases: + - babybuddy + password: *password + - name: bazarr + databases: + - bazarr_main + - bazarr_log + password: *password - name: ghostfolio databases: - ghostfolio @@ -70,6 +79,15 @@ spec: databases: - joplin password: *password + - name: lldap + databases: + - lldap + password: *password + - name: lidarr + databases: + - lidarr_main + - lidarr_log + password: *password - name: lychee databases: - lychee @@ -82,25 +100,32 @@ spec: databases: - paperless password: *password + - name: prowlarr + databases: + - prowlarr_main + - prowlarr_logs + password: *password - name: pushover-notifier databases: - pushover-notifier password: *password - - name: tandoor + - name: radarr databases: - - tandoor + - radarr_main + - radarr_log password: *password - - name: vaultwarden + - name: sonarr databases: - - vaultwarden + - sonarr_main + - sonarr_log password: *password - - name: vikunja + - name: tandoor databases: - - vikunja + - tandoor password: *password - - name: windmill + - name: vikunja databases: - - windmill + - vikunja password: *password backups: pgbackrest: 
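Review bot: The `@@ -82,25 +100,32 @@` hunk drops the `vaultwarden` and `windmill` entries from `spec.users`, and removing a user from the spec is not the same as revoking it. As far as I know the operator removes the generated `pguser` Secret but leaves the role and its databases in PostgreSQL, so the old credentials keep working until the roles are dropped by hand. I would add a comment above the list such as `# users removed here are NOT dropped by PGO; drop role and database manually`, and confirm nothing still depends on those two databases. The users list starts and ends outside the hunk.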
@@ -108,14 +133,14 @@ spec: - secret: name: crunchy-postgres-secret global: &backupFlag - compress-type: "bz2" + compress-type: bz2 compress-level: "9" # Minio - repo1-block: "y" - repo1-bundle: "y" + repo1-block: y + repo1-bundle: y repo1-path: /crunchy-pgo repo1-retention-full: "30" # days - repo1-retention-full-type: "time" + repo1-retention-full-type: time repo1-s3-uri-style: path manual: repoName: repo1 @@ -127,13 +152,13 @@ spec: repos: - name: repo1 # Minio s3: &minio - bucket: crunchy-postgres + bucket: crunchy-postgres-operator endpoint: "s3.${SECRET_INTERNAL_DOMAIN}" region: us-east-1 schedules: - full: "0 1 * * 0" # Sunday at 01:00 - differential: "0 1 * * 1-6" # Mon-Sat at 01:00 - incremental: "0 2-23 * * *" # Every hour except 01:00 + full: 0 1 * * 0 # Sunday at 01:00 + differential: 0 1 * * 1-6 # Mon-Sat at 01:00 + incremental: 0 2-23 * * * # Every hour except 01:00 # dataSource: # pgbackrest: @@ -168,14 +193,14 @@ spec: app.kubernetes.io/name: crunchy-postgres-pgbouncer config: global: - pool_mode: "session" # Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction + pool_mode: session # Grafana requires session https://github.com/grafana/grafana/issues/74260#issuecomment-1702795311. Everything else is happy with transaction client_tls_sslmode: prefer default_pool_size: "100" max_client_conn: "500" topologySpreadConstraints: - maxSkew: 1 - topologyKey: "kubernetes.io/hostname" - whenUnsatisfiable: "DoNotSchedule" + topologyKey: kubernetes.io/hostname + whenUnsatisfiable: DoNotSchedule labelSelector: matchLabels: postgres-operator.crunchydata.com/cluster: *name diff --git a/kubernetes/apps/database/crunchy-postgres-operator/ks.yaml b/kubernetes/apps/database/crunchy-postgres-operator/ks.yaml index 1f3becaca9..be86943fd0 100644 --- a/kubernetes/apps/database/crunchy-postgres-operator/ks.yaml +++ b/kubernetes/apps/database/crunchy-postgres-operator/ks.yaml 
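Review bot: In the `global` block of the `@@ -108,14 +133,14 @@` hunk, `repo1-block: y` and `repo1-bundle: y` lose their quotes, and a bare `y` is a boolean under YAML 1.1 rules. A loader that applies those rules hands the API server `true` instead of the string pgBackRest expects, which would presumably fail validation of a string-valued map or change the rendered option. Keep them quoted, `repo1-block: "y"` and `repo1-bundle: "y"`, as `compress-level: "9"` and `repo1-retention-full: "30"` still are.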
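Review bot: Changing `bucket` to `crunchy-postgres-operator` in the `@@ -127,13 +152,13 @@` hunk points repo1 at a different bucket, so backups already written under the old bucket are presumably no longer visible to pgBackRest and the 30-day retention window restarts from empty. Worth confirming that the new bucket exists, that the referenced secret grants access to it, and that a full backup runs right after rollout. The cron strings in the same hunk are now plain scalars (`full: 0 1 * * 0`); they parse only because none of them starts with `*` and the trailing text is read as a comment, so I would keep the quotes: `full: "0 1 * * 0"`.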
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/ingress.yaml b/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/ingress.yaml new file mode 100644 index 0000000000..b5e5d68c5f --- /dev/null +++ b/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/ingress.yaml @@ -0,0 +1,33 @@ +--- +# trunk-ignore(checkov/CKV_K8S_21) +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: pgadmin + annotations: + hajimari.io/icon: mdi:database + gethomepage.dev/enabled: "true" + gethomepage.dev/name: pgAdmin + gethomepage.dev/description: PostgreSQL management tool. + gethomepage.dev/group: Infrrastructure + gethomepage.dev/icon: pgadmin.png + gethomepage.dev/pod-selector: >- + app in ( + pgadmin + ) +spec: + ingressClassName: internal + tls: + - hosts: + - &host pgadmin.${SECRET_EXTERNAL_DOMAIN} + rules: + - host: *host + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: pgadmin + port: + number: 5050 diff --git a/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/kustomization.yaml b/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/kustomization.yaml index d11426306b..8261e3285d 100644 --- a/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/kustomization.yaml +++ b/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/kustomization.yaml @@ -4,4 +4,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ./externalsecret.yaml + - ./ingress.yaml - ./pgadmin.yaml + - ./service.yaml 
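Review bot: The new pgAdmin Ingress carries none of the `nginx.ingress.kubernetes.io/auth-*` annotations that this same commit switches on for bazarr and exercisediary, so a database administration console is reachable on the `internal` class with only pgAdmin's own login in front of it. If that is intended, say so in a comment; otherwise add the same Authelia block, starting with `nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify`. The `tls` entry lists a host but no `secretName`, which presumably relies on the controller's default certificate and deserves a one-line comment. `gethomepage.dev/group: Infrrastructure` looks like a typo for `Infrastructure` and would create a separate dashboard group.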
diff --git a/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/pgadmin.yaml b/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/pgadmin.yaml index cd4082040d..e3e0dde595 100644 --- a/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/pgadmin.yaml +++ b/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/pgadmin.yaml @@ -12,11 +12,11 @@ spec: key: PGADMIN_PASSWORD dataVolumeClaimSpec: accessModes: - - "ReadWriteOnce" + - ReadWriteOnce resources: requests: storage: 1Gi serverGroups: - - name: supply - postgresClusterSelector: {} - # serviceName: "my-service" + - name: supply + postgresClusterSelector: {} + serviceName: pgadmin diff --git a/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/service.yaml b/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/service.yaml new file mode 100644 index 0000000000..fa77db7fd9 --- /dev/null +++ b/kubernetes/apps/database/crunchy-postgres-operator/pgadmin/service.yaml @@ -0,0 +1,14 @@ +--- +# trunk-ignore(checkov/CKV_K8S_21) +apiVersion: v1 +kind: Service +metadata: + name: pgadmin +spec: + type: ClusterIP + ports: + - name: pgadmin-port + port: 5050 + protocol: TCP + selector: + postgres-operator.crunchydata.com/pgadmin: pgadmin diff --git a/kubernetes/apps/database/emqx/ks.yaml b/kubernetes/apps/database/emqx/ks.yaml index 8c88e04c38..a611eea6bc 100644 --- a/kubernetes/apps/database/emqx/ks.yaml +++ b/kubernetes/apps/database/emqx/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/authelia/ks.yaml b/kubernetes/apps/default/authelia/ks.yaml index 1fff629c44..6aba9f95e4 100644 --- a/kubernetes/apps/default/authelia/ks.yaml 
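Review bot: `serviceName: pgadmin` in pgadmin.yaml asks the operator to manage a ClusterIP Service named `pgadmin`, and the new service.yaml in the following hunk declares a Service with the same name, so the operator and Flux appear to own one object. Depending on how the operator treats a pre-existing Service it will either rewrite the Flux-applied fields on every reconcile or refuse to adopt it; both are hard to debug. Keep one of the two: either drop `./service.yaml` from the kustomization, or leave the line commented as before (`# serviceName: pgadmin`) and keep the hand-written Service. If the manual Service stays, `targetPort: 5050` would make the intent explicit.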
+++ b/kubernetes/apps/default/authelia/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/babybuddy/app/externalsecret.yaml b/kubernetes/apps/default/babybuddy/app/externalsecret.yaml index 52d2ca1f08..0a8f6a694b 100644 --- a/kubernetes/apps/default/babybuddy/app/externalsecret.yaml +++ b/kubernetes/apps/default/babybuddy/app/externalsecret.yaml @@ -14,8 +14,29 @@ spec: engineVersion: v2 data: SECRET_KEY: "{{ .BABYBUDDY_SECRET_KEY }}" - INIT_GRANT_SCHEMA_PUBLIC: "true" - dataFrom: - extract: key: babybuddy +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: babybuddy-db +spec: + secretStoreRef: + kind: ClusterSecretStore + name: crunchy-pgo-secrets + target: + name: babybuddy-db-secret + template: + engineVersion: v2 + data: + DB_NAME: '{{ index . "dbname" }}' + DB_HOST: '{{ index . "host" }}' + DB_PORT: '{{ index . "port" }}' + DB_USER: '{{ index . "user" }}' + DB_PASS: '{{ index . "password" }}' + INIT_GRANT_SCHEMA_PUBLIC: "true" + dataFrom: + - extract: + key: postgres-pguser-babybuddy diff --git a/kubernetes/apps/default/babybuddy/app/helmrelease.yaml b/kubernetes/apps/default/babybuddy/app/helmrelease.yaml index cc07991b56..e94aef7e21 100644 --- a/kubernetes/apps/default/babybuddy/app/helmrelease.yaml +++ b/kubernetes/apps/default/babybuddy/app/helmrelease.yaml 
@@ -31,6 +31,30 @@ spec: babybuddy: annotations: reloader.stakater.com/auto: "true" + secret.reloader.stakater.com/reload: babybuddy-db-secret + initContainers: + migrations: + image: + repository: ghcr.io/auricom/babybuddy + tag: 2.7.0@sha256:39bc60fb6825d5bca296c078f599e00c6b9249d55992ddfe4200e6aa0841f86a + pullPolicy: IfNotPresent + envFrom: &envFrom + - secretRef: + name: babybuddy-secret + - secretRef: + name: babybuddy-db-secret + command: + - /bin/bash + - -c + - | + #!/bin/bash + + set -o errexit + set -o nounset + + cd www/public + python3 ./manage.py migrate --noinput + python3 ./manage.py createcachetable containers: app: image: @@ -43,9 +67,7 @@ spec: EMAIL_PORT: "2525" EMAIL_USE_TLS: "false" CSRF_TRUSTED_ORIGINS: https://babybuddy.${SECRET_EXTERNAL_DOMAIN} - envFrom: - - secretRef: - name: babybuddy-secret + envFrom: *envFrom probes: liveness: enabled: true diff --git a/kubernetes/apps/default/babybuddy/ks.yaml b/kubernetes/apps/default/babybuddy/ks.yaml index 8506eeeb83..7ba05bc891 100644 --- a/kubernetes/apps/default/babybuddy/ks.yaml +++ b/kubernetes/apps/default/babybuddy/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -16,6 +16,7 @@ spec: kind: GitRepository name: home-ops-kubernetes dependsOn: + - name: crunchy-postgres-operator-cluster - name: external-secrets-stores - name: volsync wait: false @@ -27,4 +28,4 @@ spec: APP: *app VOLSYNC_CAPACITY: 2Gi VOLSYNC_UID: "65532" - VOLSYNC_GID: "65532" \ No newline at end of file + VOLSYNC_GID: "65532" diff --git a/kubernetes/apps/default/bazarr/app/externalsecret.yaml b/kubernetes/apps/default/bazarr/app/externalsecret.yaml index 0e68b60100..6875395178 100644 
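Review bot: The `migrations` init container in the `@@ -31,6 +31,30 @@` hunk is added without a `securityContext`; unless one is inherited from pod-level defaults outside the hunk, it runs `manage.py migrate` with the database credentials under the image's default user and capabilities. I would mirror what the bazarr release in this commit shows: `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`. Two smaller points: `secret.reloader.stakater.com/reload: babybuddy-db-secret` looks redundant next to `reloader.stakater.com/auto: "true"`, since the secret is already referenced through `envFrom` (the bazarr hunk adds the same pair), and the `#!/bin/bash` line inside the `-c` string is only a comment.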
--- a/kubernetes/apps/default/bazarr/app/externalsecret.yaml +++ b/kubernetes/apps/default/bazarr/app/externalsecret.yaml @@ -19,3 +19,26 @@ spec: dataFrom: - extract: key: bazarr +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: bazarr-db +spec: + secretStoreRef: + kind: ClusterSecretStore + name: crunchy-pgo-secrets + target: + name: bazarr-db-secret + template: + engineVersion: v2 + data: + POSTGRES_ENABLED: "true" + POSTGRES_DATABASE: '{{ index . "dbname" }}' + POSTGRES_HOST: '{{ index . "host" }}' + POSTGRES_USERNAME: '{{ index . "user" }}' + POSTGRES_PASSWORD: '{{ index . "password" }}' + POSTGRES_PORT: '{{ index . "port" }}' + dataFrom: + - extract: + key: postgres-pguser-bazarr diff --git a/kubernetes/apps/default/bazarr/app/helmrelease.yaml b/kubernetes/apps/default/bazarr/app/helmrelease.yaml index 210332c219..4dfa11ba60 100644 --- a/kubernetes/apps/default/bazarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/bazarr/app/helmrelease.yaml @@ -43,6 +43,7 @@ spec: bazarr: annotations: reloader.stakater.com/auto: "true" + secret.reloader.stakater.com/reload: bazarr-db-secret containers: app: image: @@ -53,10 +54,12 @@ spec: envFrom: - secretRef: name: bazarr-secret + - secretRef: + name: bazarr-db-secret securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true - capabilities: { drop: ["ALL"] } + capabilities: { drop: [ALL] } probes: liveness: &probes enabled: true 
@@ -95,13 +98,13 @@ spec: ingress: app: enabled: true - className: nginx + className: internal annotations: - # nginx.ingress.kubernetes.io/auth-method: GET - # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method - # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email - # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:subtitles-outline gethomepage.dev/enabled: "true" gethomepage.dev/group: Media @@ -140,6 +143,6 @@ spec: enabled: true type: configMap name: bazarr-scripts # overriden by kustomizeconfig - defaultMode: 0775 + defaultMode: 0775 # trunk-ignore(yamllint/octal-values) globalMounts: - path: /scripts diff --git a/kubernetes/apps/default/bazarr/ks.yaml b/kubernetes/apps/default/bazarr/ks.yaml index e36b4ff3ef..0f3d85afb0 100644 --- a/kubernetes/apps/default/bazarr/ks.yaml +++ b/kubernetes/apps/default/bazarr/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
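Review bot: `nginx.ingress.kubernetes.io/auth-snippet` in the `@@ -95,13 +98,13 @@` hunk is a snippet annotation, and ingress-nginx only honours those when the controller is configured to allow snippet annotations. The `internal` controller's values are changed elsewhere in this commit but are not visible here, so please confirm that setting; otherwise this Ingress, and the identical block added to exercisediary, may be rejected at admission. A one-line comment above the block would help the next reader, e.g. `# forward-auth via Authelia; needs snippet annotations enabled on the internal controller`.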
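Review bot: `defaultMode: 0775` in the `@@ -140,6 +143,6 @@` hunk only means rwxrwxr-x because the loader applies YAML 1.1 octal rules, and the added `trunk-ignore(yamllint/octal-values)` silences the one check that points this out. Writing the decimal form removes the ambiguity: `defaultMode: 509 # 0o775`. Group write on a ConfigMap-backed scripts directory is probably not needed either; `defaultMode: 365 # 0o555` would do if the scripts are only executed.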
@@ -11,7 +11,9 @@ spec: labels: app.kubernetes.io/name: *app dependsOn: + - name: crunchy-postgres-operator-cluster - name: external-secrets-stores + - name: rook-ceph-cluster - name: volsync path: ./kubernetes/apps/default/bazarr/app prune: true diff --git a/kubernetes/apps/default/calibre/ks.yaml b/kubernetes/apps/default/calibre/ks.yaml index 6a231fea13..736befe63e 100644 --- a/kubernetes/apps/default/calibre/ks.yaml +++ b/kubernetes/apps/default/calibre/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/exercisediary/app/helmrelease.yaml b/kubernetes/apps/default/exercisediary/app/helmrelease.yaml index 442a6fcf5a..cc9d144058 100644 --- a/kubernetes/apps/default/exercisediary/app/helmrelease.yaml +++ b/kubernetes/apps/default/exercisediary/app/helmrelease.yaml @@ -37,8 +37,8 @@ spec: env: TZ: "${TIMEZONE}" PORT: &port 8851 - THEME: "darkly" # optional, default: grass - COLOR: "dark" # optional, default: light + THEME: darkly # optional, default: grass + COLOR: dark # optional, default: light resources: requests: cpu: 100m @@ -56,6 +56,11 @@ spec: enabled: true className: internal annotations: + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:radio gethomepage.dev/enabled: "true" gethomepage.dev/name: exercisediary 
diff --git a/kubernetes/apps/default/exercisediary/ks.yaml b/kubernetes/apps/default/exercisediary/ks.yaml index 11f699e588..5091d6af53 100644 --- a/kubernetes/apps/default/exercisediary/ks.yaml +++ b/kubernetes/apps/default/exercisediary/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/flaresolverr/ks.yaml b/kubernetes/apps/default/flaresolverr/ks.yaml index 06f0a59c6e..f4d67f64be 100644 --- a/kubernetes/apps/default/flaresolverr/ks.yaml +++ b/kubernetes/apps/default/flaresolverr/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/flood/ks.yaml b/kubernetes/apps/default/flood/ks.yaml index 8adbc9b7ee..5dba5c38f1 100644 --- a/kubernetes/apps/default/flood/ks.yaml +++ b/kubernetes/apps/default/flood/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/freshrss/ks.yaml b/kubernetes/apps/default/freshrss/ks.yaml index 14e7f24ef6..8496e9836b 100644 --- a/kubernetes/apps/default/freshrss/ks.yaml +++ b/kubernetes/apps/default/freshrss/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/frigate/ks.yaml b/kubernetes/apps/default/frigate/ks.yaml index be77d65884..40cc2f7b94 100644 --- a/kubernetes/apps/default/frigate/ks.yaml +++ b/kubernetes/apps/default/frigate/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/ghostfolio/ks.yaml b/kubernetes/apps/default/ghostfolio/ks.yaml index 4363ae61e5..f56947bf83 100644 --- a/kubernetes/apps/default/ghostfolio/ks.yaml +++ b/kubernetes/apps/default/ghostfolio/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/hajimari/ks.yaml b/kubernetes/apps/default/hajimari/ks.yaml index 1ff2b4b498..b9a5db6ad9 100644 --- a/kubernetes/apps/default/hajimari/ks.yaml +++ b/kubernetes/apps/default/hajimari/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/home-assistant/ks.yaml b/kubernetes/apps/default/home-assistant/ks.yaml index 41ea73d42e..3694b282be 100644 --- a/kubernetes/apps/default/home-assistant/ks.yaml +++ b/kubernetes/apps/default/home-assistant/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -29,7 +29,7 @@ spec: GATUS_SUBDOMAIN: hass VOLSYNC_CAPACITY: 5Gi --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/homebox/ks.yaml b/kubernetes/apps/default/homebox/ks.yaml index 04eadac1d3..77d14e8fed 100644 --- a/kubernetes/apps/default/homebox/ks.yaml +++ b/kubernetes/apps/default/homebox/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
diff --git a/kubernetes/apps/default/homepage/ks.yaml b/kubernetes/apps/default/homepage/ks.yaml index 36422e8997..1086bc87c5 100644 --- a/kubernetes/apps/default/homepage/ks.yaml +++ b/kubernetes/apps/default/homepage/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/jellyfin/ks.yaml b/kubernetes/apps/default/jellyfin/ks.yaml index 483d63834c..54e020ddd8 100644 --- a/kubernetes/apps/default/jellyfin/ks.yaml +++ b/kubernetes/apps/default/jellyfin/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/joplin/app/externalsecret.yaml b/kubernetes/apps/default/joplin/app/externalsecret.yaml index 8207c70869..efe671bb72 100644 --- a/kubernetes/apps/default/joplin/app/externalsecret.yaml +++ b/kubernetes/apps/default/joplin/app/externalsecret.yaml @@ -12,7 +12,9 @@ spec: template: engineVersion: v2 data: - POSTGRES_CONNECTION_STRING: postgresql://{{ index . "user" }}:{{ index . "password" }}{{ index . "host" }}:{{ index . "port" }}/{{ index . "dbname" }} + DB_CLIENT: pg + POSTGRES_CONNECTION_STRING: postgresql://{{ index . "user" }}:{{ index . "password" }}@{{ index . "host" }}:{{ index . "port" }}/{{ index . "dbname" }}?sslmode=require + NODE_TLS_REJECT_UNAUTHORIZED: "0" dataFrom: - extract: key: postgres-pguser-joplin 
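Review bot: `NODE_TLS_REJECT_UNAUTHORIZED: "0"` in the joplin externalsecret hunk turns off certificate verification for every TLS connection the Node process makes, not only the Postgres one. The `sslmode=require` added on the line above therefore gives encryption without any authentication of the server. If the aim is to trust the Postgres cluster's private CA, mounting that CA into the pod and pointing `NODE_EXTRA_CA_CERTS` at it would keep verification on; the CA secret's name is not visible in this diff. If the override has to stay for now, a comment such as `# stopgap: remove once the PGO CA is mounted via NODE_EXTRA_CA_CERTS` would stop it from becoming permanent.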
diff --git a/kubernetes/apps/default/joplin/app/helmrelease.yaml b/kubernetes/apps/default/joplin/app/helmrelease.yaml index 2528978b6a..309cbfba08 100644 --- a/kubernetes/apps/default/joplin/app/helmrelease.yaml +++ b/kubernetes/apps/default/joplin/app/helmrelease.yaml @@ -41,7 +41,6 @@ spec: env: APP_BASE_URL: https://joplin.${SECRET_EXTERNAL_DOMAIN} APP_PORT: &port 8080 - DB_CLIENT: pg MAILER_ENABLED: 1 MAILER_HOST: smtp-relay.default.svc.cluster.local. MAILER_PORT: 2525 diff --git a/kubernetes/apps/default/joplin/ks.yaml b/kubernetes/apps/default/joplin/ks.yaml index 724c861426..25a0fa42d1 100644 --- a/kubernetes/apps/default/joplin/ks.yaml +++ b/kubernetes/apps/default/joplin/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/komf/ks.yaml b/kubernetes/apps/default/komf/ks.yaml index 4c47de6854..21e2b8c0ed 100644 --- a/kubernetes/apps/default/komf/ks.yaml +++ b/kubernetes/apps/default/komf/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/komga/ks.yaml b/kubernetes/apps/default/komga/ks.yaml index e735aadedc..63402b6da6 100644 --- a/kubernetes/apps/default/komga/ks.yaml +++ b/kubernetes/apps/default/komga/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/libmedium/app/config/config.toml b/kubernetes/apps/default/libmedium/app/config/config.toml index bd3dfc83f7..08378eea23 100644 --- a/kubernetes/apps/default/libmedium/app/config/config.toml +++ b/kubernetes/apps/default/libmedium/app/config/config.toml @@ -1,5 +1,5 @@ debug = false -source_code = "https://github.com/realaravinth/libmedium" +source_code = "https://git.batsense.net/realaravinth/libmedium" #cache = "/var/lib/libmedium" [server] diff --git a/kubernetes/apps/default/libmedium/app/helmrelease.yaml b/kubernetes/apps/default/libmedium/app/helmrelease.yaml index 4ab177856a..5621f29981 100644 --- a/kubernetes/apps/default/libmedium/app/helmrelease.yaml +++ b/kubernetes/apps/default/libmedium/app/helmrelease.yaml @@ -36,7 +36,7 @@ spec: app: image: repository: realaravinth/libmedium - tag: master@sha256:63d69a1fd87588028f9fdf26256ec11fc06ecb90fcdd6ee007cd20a1808e1b14 + tag: latest@sha256:3ab8addf2e78c69ca26b3df6305667541b0cbddbc473401199311650aa298478 resources: requests: cpu: 50m diff --git a/kubernetes/apps/default/libmedium/ks.yaml b/kubernetes/apps/default/libmedium/ks.yaml index a009946741..d377af90f1 100644 --- a/kubernetes/apps/default/libmedium/ks.yaml +++ b/kubernetes/apps/default/libmedium/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
diff --git a/kubernetes/apps/default/lidarr/app/externalsecret.yaml b/kubernetes/apps/default/lidarr/app/externalsecret.yaml index 6000844efa..4c58d40de8 100644 --- a/kubernetes/apps/default/lidarr/app/externalsecret.yaml +++ b/kubernetes/apps/default/lidarr/app/externalsecret.yaml @@ -22,3 +22,26 @@ spec: key: pushover - extract: key: lidarr +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: lidarr-db +spec: + secretStoreRef: + kind: ClusterSecretStore + name: crunchy-pgo-secrets + target: + name: lidarr-db-secret + template: + engineVersion: v2 + data: + LIDARR__POSTGRES__MAINDB: '{{ index . "dbname" }}' + LIDARR__POSTGRES__LOGDB: lidarr_log + LIDARR__POSTGRES__HOST: '{{ index . "host" }}' + LIDARR__POSTGRES__USER: '{{ index . "user" }}' + LIDARR__POSTGRES__PASSWORD: '{{ index . "password" }}' + LIDARR__POSTGRES__PORT: '{{ index . "port" }}' + dataFrom: + - extract: + key: postgres-pguser-lidarr diff --git a/kubernetes/apps/default/lidarr/app/helmrelease.yaml b/kubernetes/apps/default/lidarr/app/helmrelease.yaml index f10e9fab7f..da00d10d0f 100644 --- a/kubernetes/apps/default/lidarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/lidarr/app/helmrelease.yaml @@ -4,7 +4,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app lidarr - namespace: default spec: interval: 30m chart: @@ -39,6 +38,7 @@ spec: annotations: reloader.stakater.com/auto: "true" configmap.reloader.stakater.com/reload: lidarr-pushover + secret.reloader.stakater.com/reload: lidarr-db-secret containers: app: image: @@ -46,9 +46,9 @@ spec: tag: 2.9.0.4506@sha256:192f559e751fa123b752073beb4e840bd9c019825dd09a36beaa128cb7bc07e8 env: TZ: "${TIMEZONE}" - LIDARR__INSTANCE_NAME: Lidarr - LIDARR__PORT: &port 8080 - LIDARR__LOG_LEVEL: info + LIDARR__APP__INSTANCENAME: Lidarr + LIDARR__SERVER__PORT: &port 8080 + LIDARR__LOG__LEVEL: info PUSHOVER_APP_URL: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" PUSHOVER_PRIORITY: "0" envFrom: 
@@ -69,13 +69,13 @@ spec: ingress: app: enabled: true - className: nginx + className: internal annotations: - # nginx.ingress.kubernetes.io/auth-method: GET - # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method - # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email - # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:headphones hosts: - host: *host @@ -108,7 +108,7 @@ spec: scripts: type: configMap name: lidarr-pushover - defaultMode: 0775 + defaultMode: 0775 # trunk-ignore(yamllint/octal-values) globalMounts: - path: /scripts/pushover-notify.sh subPath: pushover-notify.sh diff --git a/kubernetes/apps/default/lidarr/ks.yaml b/kubernetes/apps/default/lidarr/ks.yaml index 4f1d3388c1..42b35f2faa 100644 --- a/kubernetes/apps/default/lidarr/ks.yaml +++ b/kubernetes/apps/default/lidarr/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
@@ -12,6 +12,7 @@ spec: app.kubernetes.io/name: *app dependsOn: + - name: crunchy-postgres-operator-cluster - name: external-secrets-stores - name: rook-ceph-cluster - name: volsync diff --git a/kubernetes/apps/default/linkding/ks.yaml b/kubernetes/apps/default/linkding/ks.yaml index c8545fdbae..17a8d7a832 100644 --- a/kubernetes/apps/default/linkding/ks.yaml +++ b/kubernetes/apps/default/linkding/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/lldap/app/externalsecret.yaml b/kubernetes/apps/default/lldap/app/externalsecret.yaml index d287fe4751..5ab5e741ac 100644 --- a/kubernetes/apps/default/lldap/app/externalsecret.yaml +++ b/kubernetes/apps/default/lldap/app/externalsecret.yaml @@ -13,7 +13,6 @@ spec: template: engineVersion: v2 data: - # App LLDAP_JWT_SECRET: "{{ .LLDAP_JWT_SECRET }}" LLDAP_LDAP_USER_PASS: "{{ .password }}" LLDAP_USER_DN: "{{ .username }}" @@ -22,3 +21,21 @@ spec: dataFrom: - extract: key: lldap +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: lldap-db +spec: + secretStoreRef: + kind: ClusterSecretStore + name: crunchy-pgo-secrets + target: + name: lldap-db-secret + template: + engineVersion: v2 + data: + LLDAP_DATABASE_URL: 'postgres://{{ index . "user" }}:{{ index . "password" }}@{{ index . "host" }}:{{ index . "port" }}/{{ index . "dbname" }}' + dataFrom: + - extract: + key: postgres-pguser-lldap diff --git a/kubernetes/apps/default/lldap/app/helmrelease.yaml b/kubernetes/apps/default/lldap/app/helmrelease.yaml index 252faa3e75..bf2b3ecb5e 100644 --- a/kubernetes/apps/default/lldap/app/helmrelease.yaml +++ b/kubernetes/apps/default/lldap/app/helmrelease.yaml 
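Review bot: `LLDAP_DATABASE_URL` in the new `lldap-db` ExternalSecret splices `user` and `password` into the URL without percent-encoding, so a generated password containing `@`, `:`, `/` or `?` would produce a URL that fails to parse or is split at the wrong place. If the `postgres-pguser-lldap` entry exposes a pre-built connection URI (PGO user secrets normally carry a `uri` key, not visible here), templating that key avoids the problem; otherwise the generated password could be restricted to alphanumerics on the cluster side. The joplin `POSTGRES_CONNECTION_STRING` earlier in this commit is built the same way. Unlike that string, this URL sets no `sslmode`, so whether the connection is encrypted depends on the driver default.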
@@ -31,6 +31,7 @@ spec: lldap: annotations: reloader.stakater.com/auto: "true" + secret.reloader.stakater.com/reload: lldap-db-secret containers: app: image: @@ -45,6 +46,8 @@ spec: envFrom: - secretRef: name: lldap-secret + - secretRef: + name: lldap-db-secret resources: requests: cpu: 100m @@ -87,7 +90,6 @@ spec: - *host persistence: data: - enabled: true - existingClaim: *app + type: emptyDir globalMounts: - path: /data diff --git a/kubernetes/apps/default/lldap/app/kustomization.yaml b/kubernetes/apps/default/lldap/app/kustomization.yaml index 5d04acddd3..f641102c13 100644 --- a/kubernetes/apps/default/lldap/app/kustomization.yaml +++ b/kubernetes/apps/default/lldap/app/kustomization.yaml @@ -6,4 +6,3 @@ resources: - ./externalsecret.yaml - ./helmrelease.yaml - ../../../../templates/gatus/guarded - - ../../../../templates/volsync diff --git a/kubernetes/apps/default/lldap/ks.yaml b/kubernetes/apps/default/lldap/ks.yaml index f4d1270986..fe1066c3f6 100644 --- a/kubernetes/apps/default/lldap/ks.yaml +++ b/kubernetes/apps/default/lldap/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -15,6 +15,8 @@ spec: sourceRef: kind: GitRepository name: home-ops-kubernetes + dependsOn: + - name: crunchy-postgres-operator-cluster wait: false interval: 30m retryInterval: 1m @@ -22,4 +24,3 @@ spec: postBuild: substitute: APP: *app - VOLSYNC_CAPACITY: 1Gi diff --git a/kubernetes/apps/default/lms/ks.yaml b/kubernetes/apps/default/lms/ks.yaml index 240bc6dc04..428f30d3af 100644 --- a/kubernetes/apps/default/lms/ks.yaml +++ b/kubernetes/apps/default/lms/ks.yaml 
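Review bot: Changing the `data` volume to `type: emptyDir` in the last lldap helmrelease hunk means everything lldap writes under `/data` is discarded on each pod restart. As far as I recall, lldap by default keeps its server key file there and regenerates it when missing, which would leave stored password hashes unverifiable after a restart. The visible part of `lldap-secret` does not show a key seed, so please confirm `LLDAP_KEY_SEED` (or a key file mounted from a Secret) is set before dropping the PVC and the volsync template. A comment on the volume such as `# scratch only: server key comes from LLDAP_KEY_SEED, database is in Postgres` would make the assumption explicit.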
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/lychee/app/helmrelease.yaml b/kubernetes/apps/default/lychee/app/helmrelease.yaml index 35cbd67b82..1f7dc7edf1 100644 --- a/kubernetes/apps/default/lychee/app/helmrelease.yaml +++ b/kubernetes/apps/default/lychee/app/helmrelease.yaml @@ -53,12 +53,34 @@ spec: requests: cpu: 100m memory: 256Mi + probes: + liveness: &probes + enabled: true + custom: true + spec: + httpGet: &probeHttpGet + path: / + port: &port 80 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + readiness: *probes + startup: + enabled: true + custom: true + spec: + initialDelaySeconds: 0 + timeoutSeconds: 1 + periodSeconds: 10 + failureThreshold: 30 + httpGet: *probeHttpGet service: app: controller: *app ports: http: - port: 80 + port: *port ingress: app: enabled: true diff --git a/kubernetes/apps/default/lychee/ks.yaml b/kubernetes/apps/default/lychee/ks.yaml index 604f424566..9d60efdd35 100644 --- a/kubernetes/apps/default/lychee/ks.yaml +++ b/kubernetes/apps/default/lychee/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/music-transcode/ks.yaml b/kubernetes/apps/default/music-transcode/ks.yaml index 62446553ef..76b70d7d93 100644 --- a/kubernetes/apps/default/music-transcode/ks.yaml +++ b/kubernetes/apps/default/music-transcode/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/navidrome/ks.yaml b/kubernetes/apps/default/navidrome/ks.yaml index c4eedd395c..a7b7307cdc 100644 --- a/kubernetes/apps/default/navidrome/ks.yaml +++ b/kubernetes/apps/default/navidrome/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/outline/ks.yaml b/kubernetes/apps/default/outline/ks.yaml index 357285c407..495b4af199 100644 --- a/kubernetes/apps/default/outline/ks.yaml +++ b/kubernetes/apps/default/outline/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/paperless/ks.yaml b/kubernetes/apps/default/paperless/ks.yaml index 1ca3bee8fd..f117e98645 100644 --- a/kubernetes/apps/default/paperless/ks.yaml +++ b/kubernetes/apps/default/paperless/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/prowlarr/app/externalsecret.yaml b/kubernetes/apps/default/prowlarr/app/externalsecret.yaml index 7ec532178e..facef2b1ba 100644 --- a/kubernetes/apps/default/prowlarr/app/externalsecret.yaml +++ b/kubernetes/apps/default/prowlarr/app/externalsecret.yaml @@ -4,7 +4,6 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: name: prowlarr - namespace: default spec: secretStoreRef: kind: ClusterSecretStore 
@@ -13,25 +12,34 @@ spec: name: prowlarr-secret template: data: - # App PROWLARR__AUTH__APIKEY: "{{ .PROWLARR__API_KEY }}" - PROWLARR__POSTGRES__HOST: &dbHost postgres17-rw.database.svc.cluster.local - PROWLARR__POSTGRES__PORT: "5432" - PROWLARR__POSTGRES__USER: &dbUser "{{ .PROWLARR__POSTGRES_USER }}" - PROWLARR__POSTGRES__PASSWORD: &dbPass "{{ .PROWLARR__POSTGRES_PASSWORD }}" - PROWLARR__POSTGRES__MAINDB: prowlarr_main PUSHOVER_API_TOKEN: "{{ .PUSHOVER_API_TOKEN }}" PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}" - # Postgres Init - INIT_POSTGRES_DBNAME: prowlarr_main - INIT_POSTGRES_HOST: *dbHost - INIT_POSTGRES_USER: *dbUser - INIT_POSTGRES_PASS: *dbPass - INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" dataFrom: - - extract: - key: cloudnative-pg - extract: key: pushover - extract: key: prowlarr +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: prowlarr-db +spec: + secretStoreRef: + kind: ClusterSecretStore + name: crunchy-pgo-secrets + target: + name: prowlarr-db-secret + template: + engineVersion: v2 + data: + PROWLARR__POSTGRES__MAINDB: '{{ index . "dbname" }}' + PROWLARR__POSTGRES__LOGDB: prowlarr_log + PROWLARR__POSTGRES__HOST: '{{ index . "host" }}' + PROWLARR__POSTGRES__USER: '{{ index . "user" }}' + PROWLARR__POSTGRES__PASSWORD: '{{ index . "password" }}' + PROWLARR__POSTGRES__PORT: '{{ index . "port" }}' + dataFrom: + - extract: + key: postgres-pguser-prowlarr diff --git a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml index 60f42eb281..af91e89516 100644 --- a/kubernetes/apps/default/prowlarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/prowlarr/app/helmrelease.yaml @@ -4,7 +4,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app prowlarr - namespace: default spec: interval: 30m chart: 
@@ -32,14 +31,7 @@ spec: prowlarr: annotations: reloader.stakater.com/auto: "true" - initContainers: - init-db: - image: - repository: ghcr.io/onedr0p/postgres-init - tag: 16 - envFrom: &envFrom - - secretRef: - name: prowlarr-secret + secret.reloader.stakater.com/reload: prowlarr-db-secret containers: app: image: @@ -55,7 +47,11 @@ spec: PROWLARR__AUTH__REQUIRED: DisabledForLocalAddresses PROWLARR__SERVER__PORT: &port 8080 PROWLARR__UPDATE__BRANCH: develop - envFrom: *envFrom + envFrom: + - secretRef: + name: prowlarr-secret + - secretRef: + name: prowlarr-db-secret resources: requests: cpu: 100m @@ -71,13 +67,13 @@ spec: ingress: app: enabled: true - className: nginx + className: internal annotations: - # nginx.ingress.kubernetes.io/auth-method: GET - # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method - # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email - # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:movie-search gethomepage.dev/enabled: "true" gethomepage.dev/name: Prowlarr diff --git a/kubernetes/apps/default/prowlarr/app/kustomization.yaml b/kubernetes/apps/default/prowlarr/app/kustomization.yaml index f8c2e193ce..f641102c13 100644 --- a/kubernetes/apps/default/prowlarr/app/kustomization.yaml 
+++ b/kubernetes/apps/default/prowlarr/app/kustomization.yaml @@ -2,7 +2,6 @@ # yaml-language-server: $schema=https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: default resources: - ./externalsecret.yaml - ./helmrelease.yaml diff --git a/kubernetes/apps/default/prowlarr/ks.yaml b/kubernetes/apps/default/prowlarr/ks.yaml index ac72fe1d7c..0e423b6926 100644 --- a/kubernetes/apps/default/prowlarr/ks.yaml +++ b/kubernetes/apps/default/prowlarr/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -11,6 +11,7 @@ spec: labels: app.kubernetes.io/name: *app dependsOn: + - name: crunchy-postgres-operator-cluster - name: external-secrets-stores path: ./kubernetes/apps/default/prowlarr/app prune: true diff --git a/kubernetes/apps/default/qbittorrent/ks.yaml b/kubernetes/apps/default/qbittorrent/ks.yaml index 6ab74371bb..809defc15c 100644 --- a/kubernetes/apps/default/qbittorrent/ks.yaml +++ b/kubernetes/apps/default/qbittorrent/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/radarr/app/externalsecret.yaml b/kubernetes/apps/default/radarr/app/externalsecret.yaml index e967f4da51..ee48cb1a38 100644 --- a/kubernetes/apps/default/radarr/app/externalsecret.yaml 
+++ b/kubernetes/apps/default/radarr/app/externalsecret.yaml @@ -13,25 +13,33 @@ spec: name: radarr-secret template: data: - # App - RADARR__AUTH__APIKEY: "{{ .RADARR__API_KEY }}" - RADARR__POSTGRES__HOST: &dbHost postgres17-rw.database.svc.cluster.local - RADARR__POSTGRES__PORT: "5432" - RADARR__POSTGRES__USER: &dbUser "{{ .RADARR__POSTGRES_USER }}" - RADARR__POSTGRES__PASSWORD: &dbPass "{{ .RADARR__POSTGRES_PASSWORD }}" - RADARR__POSTGRES__MAINDB: radarr_main PUSHOVER_API_TOKEN: "{{ .PUSHOVER_API_TOKEN }}" PUSHOVER_USER_KEY: "{{ .PUSHOVER_USER_KEY }}" - # Postgres Init - INIT_POSTGRES_DBNAME: radarr_main radarr_log - INIT_POSTGRES_HOST: *dbHost - INIT_POSTGRES_USER: *dbUser - INIT_POSTGRES_PASS: *dbPass - INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" dataFrom: - - extract: - key: cloudnative-pg - extract: key: pushover - extract: key: radarr +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: radarr-db +spec: + secretStoreRef: + kind: ClusterSecretStore + name: crunchy-pgo-secrets + target: + name: radarr-db-secret + template: + engineVersion: v2 + data: + RADARR__POSTGRES__MAINDB: '{{ index . "dbname" }}' + RADARR__POSTGRES__LOGDB: radarr_log + RADARR__POSTGRES__HOST: '{{ index . "host" }}' + RADARR__POSTGRES__USER: '{{ index . "user" }}' + RADARR__POSTGRES__PASSWORD: '{{ index . "password" }}' + RADARR__POSTGRES__PORT: '{{ index . "port" }}' + dataFrom: + - extract: + key: postgres-pguser-radarr diff --git a/kubernetes/apps/default/radarr/app/helmrelease.yaml b/kubernetes/apps/default/radarr/app/helmrelease.yaml index e686df71f0..accec5fbe6 100644 --- a/kubernetes/apps/default/radarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/radarr/app/helmrelease.yaml @@ -4,7 +4,6 @@ apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: &app radarr - namespace: default spec: interval: 30m chart: 
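Review bot: The radarr externalsecret hunk deletes `RADARR__AUTH__APIKEY: "{{ .RADARR__API_KEY }}"` together with the Postgres keys, whereas the matching prowlarr hunk keeps `PROWLARR__AUTH__APIKEY`. If that removal is unintended, Radarr would stop taking its API key from the secret store and presumably fall back to whatever key sits in its own config, which would break any client configured with the stored key. Restoring `RADARR__AUTH__APIKEY: "{{ .RADARR__API_KEY }}"` under `data:` keeps the two apps consistent. If the removal is deliberate, a short comment saying where the key now comes from would help.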
@@ -39,14 +38,7 @@ spec: annotations: configmap.reloader.stakater.com/reload: radarr-pushover reloader.stakater.com/auto: "true" - initContainers: - init-db: - image: - repository: ghcr.io/onedr0p/postgres-init - tag: 16 - envFrom: &envFrom - - secretRef: - name: radarr-secret + secret.reloader.stakater.com/reload: radarr-db-secret containers: app: image: @@ -65,7 +57,11 @@ spec: RADARR__UPDATE__BRANCH: develop PUSHOVER_DEBUG: "false" PUSHOVER_PRIORITY: "0" - envFrom: *envFrom + envFrom: + - secretRef: + name: radarr-secret + - secretRef: + name: radarr-db-secret resources: requests: cpu: 500m @@ -81,13 +77,13 @@ spec: ingress: app: enabled: true - className: nginx + className: internal annotations: - # nginx.ingress.kubernetes.io/auth-method: GET - # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method - # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email - # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:filmstrip hosts: - host: *host @@ -123,7 +119,7 @@ spec: enabled: true type: configMap name: radarr-pushover - defaultMode: 0775 + defaultMode: 0775 # trunk-ignore(yamllint/octal-values) globalMounts: - path: /scripts/pushover-notify.sh subPath: pushover-notify.sh 
diff --git a/kubernetes/apps/default/radarr/ks.yaml b/kubernetes/apps/default/radarr/ks.yaml index bd36c76cb5..d556d7a4f4 100644 --- a/kubernetes/apps/default/radarr/ks.yaml +++ b/kubernetes/apps/default/radarr/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -11,6 +11,7 @@ spec: labels: app.kubernetes.io/name: *app dependsOn: + - name: crunchy-postgres-operator-cluster - name: external-secrets-stores - name: rook-ceph-cluster - name: volsync diff --git a/kubernetes/apps/default/readeck/ks.yaml b/kubernetes/apps/default/readeck/ks.yaml index d32eb8b25e..a06c1270f7 100644 --- a/kubernetes/apps/default/readeck/ks.yaml +++ b/kubernetes/apps/default/readeck/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/recyclarr/ks.yaml b/kubernetes/apps/default/recyclarr/ks.yaml index 80bd52f414..085a1640ba 100644 --- a/kubernetes/apps/default/recyclarr/ks.yaml +++ b/kubernetes/apps/default/recyclarr/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
diff --git a/kubernetes/apps/default/redlib/ks.yaml b/kubernetes/apps/default/redlib/ks.yaml index 3ce9d42ab0..164c950f46 100644 --- a/kubernetes/apps/default/redlib/ks.yaml +++ b/kubernetes/apps/default/redlib/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/sabnzbd/ks.yaml b/kubernetes/apps/default/sabnzbd/ks.yaml index 586764e34a..1aaeb2c864 100644 --- a/kubernetes/apps/default/sabnzbd/ks.yaml +++ b/kubernetes/apps/default/sabnzbd/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/sharry/app/config/sharry.conf b/kubernetes/apps/default/sharry/app/config/sharry.conf index 97dbf0e5d3..789277741b 100644 --- a/kubernetes/apps/default/sharry/app/config/sharry.conf +++ b/kubernetes/apps/default/sharry/app/config/sharry.conf @@ -13,7 +13,7 @@ sharry.restserver { auth { fixed.enabled = false } - h2 { + jdbc { url = "jdbc:h2:///config/sharry.db;MODE=PostgreSQL;DATABASE_TO_LOWER=TRUE" # user = "${SHARRY_BACKEND_JDBC_USER}" # password = "${SHARRY_BACKEND_JDBC_PASSWORD}" diff --git a/kubernetes/apps/default/sharry/ks.yaml b/kubernetes/apps/default/sharry/ks.yaml index a894fc7b5b..11792490e3 100644 --- a/kubernetes/apps/default/sharry/ks.yaml +++ b/kubernetes/apps/default/sharry/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/smtp-relay/ks.yaml b/kubernetes/apps/default/smtp-relay/ks.yaml index f3cfec9272..a25dc8c32c 100644 --- a/kubernetes/apps/default/smtp-relay/ks.yaml +++ b/kubernetes/apps/default/smtp-relay/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/sonarr/app/externalsecret.yaml b/kubernetes/apps/default/sonarr/app/externalsecret.yaml index 624589be58..796c9de258 100644 --- a/kubernetes/apps/default/sonarr/app/externalsecret.yaml +++ b/kubernetes/apps/default/sonarr/app/externalsecret.yaml 
@@ -29,9 +29,31 @@ spec: INIT_POSTGRES_PASS: *dbPass INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}" dataFrom: - - extract: - key: cloudnative-pg - extract: key: pushover - extract: key: sonarr +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: sonarr-db +spec: + secretStoreRef: + kind: ClusterSecretStore + name: crunchy-pgo-secrets + target: + name: sonarr-db-secret + template: + engineVersion: v2 + data: + SONARR__POSTGRES__MAINDB: '{{ index . "dbname" }}' + SONARR__POSTGRES__LOGDB: sonarr_log + SONARR__POSTGRES__HOST: '{{ index . "host" }}' + SONARR__POSTGRES__USER: '{{ index . "user" }}' + SONARR__POSTGRES__PASSWORD: '{{ index . "password" }}' + SONARR__POSTGRES__PORT: '{{ index . "port" }}' + + dataFrom: + - extract: + key: postgres-pguser-sonarr diff --git a/kubernetes/apps/default/sonarr/app/helmrelease.yaml b/kubernetes/apps/default/sonarr/app/helmrelease.yaml index 882910f866..0a4e78ae34 100644 --- a/kubernetes/apps/default/sonarr/app/helmrelease.yaml +++ b/kubernetes/apps/default/sonarr/app/helmrelease.yaml @@ -39,14 +39,7 @@ spec: annotations: reloader.stakater.com/auto: "true" configmap.reloader.stakater.com/reload: sonarr-pushover - initContainers: - init-db: - image: - repository: ghcr.io/onedr0p/postgres-init - tag: 16 - envFrom: &envFrom - - secretRef: - name: sonarr-secret + secret.reloader.stakater.com/reload: sonarr-db-secret containers: app: image: @@ -62,7 +55,11 @@ spec: SONARR__LOG__LEVEL: info SONARR__SERVER__PORT: &port 8080 SONARR__UPDATE__BRANCH: develop - envFrom: *envFrom + envFrom: + - secretRef: + name: sonarr-secret + - secretRef: + name: sonarr-db-secret probes: liveness: &probes enabled: true 
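Review bot: In externalsecret.yaml the `cloudnative-pg` extract is removed, but the existing template line `INIT_POSTGRES_SUPER_PASS: "{{ .POSTGRES_SUPER_PASS }}"` is kept as context. If that value came from the removed key (the remaining `pushover` and `sonarr` keys do not obviously provide it), the template will presumably fail to render and `sonarr-secret` will stop syncing. The helmrelease hunks on this line also delete the `init-db` container that used the `INIT_POSTGRES_*` values, while `sonarr-secret` is still loaded through `envFrom` into the app container, so a database superuser password would remain in the application's environment without a consumer. I would delete the `INIT_POSTGRES_*` entries from the `sonarr-secret` template in this commit. The start of that `spec` is outside the hunk, so the full list of entries is not visible here.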
@@ -93,13 +90,13 @@ spec: ingress: app: enabled: true - className: nginx + className: internal annotations: - # nginx.ingress.kubernetes.io/auth-method: GET - # nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify - # nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method - # nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email - # nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; + nginx.ingress.kubernetes.io/auth-method: GET + nginx.ingress.kubernetes.io/auth-url: http://authelia.default.svc.cluster.local.:8888/api/verify + nginx.ingress.kubernetes.io/auth-signin: https://auth.${SECRET_EXTERNAL_DOMAIN}?rm=$request_method + nginx.ingress.kubernetes.io/auth-response-headers: Remote-User,Remote-Name,Remote-Groups,Remote-Email + nginx.ingress.kubernetes.io/auth-snippet: proxy_set_header X-Forwarded-Method $request_method; hajimari.io/icon: mdi:television-classic hosts: - host: &host "{{ .Release.Name }}.${SECRET_EXTERNAL_DOMAIN}" @@ -132,7 +129,7 @@ spec: scripts: type: configMap name: sonarr-pushover - defaultMode: 0775 + defaultMode: 0775 # trunk-ignore(yamllint/octal-values) globalMounts: - path: /scripts/pushover-notify.sh subPath: pushover-notify.sh diff --git a/kubernetes/apps/default/sonarr/ks.yaml b/kubernetes/apps/default/sonarr/ks.yaml index 520e3fba36..92358eba78 100644 --- a/kubernetes/apps/default/sonarr/ks.yaml +++ b/kubernetes/apps/default/sonarr/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
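Review bot: The re-enabled `nginx.ingress.kubernetes.io/auth-snippet` annotation only works when the controller behind class `internal` permits snippet annotations, and the internal controller config in this patch still shows `# allow-snippet-annotations: true` commented out. Recent ingress-nginx releases disable snippets by default, so unless `controller.allowSnippetAnnotations` is set outside the visible hunks, the admission webhook is likely to reject this Ingress. Either enable the setting deliberately for the internal controller or drop the snippet line and check that Authelia still receives the request method. After applying, confirm that an unauthenticated request to the host is redirected to the sign-in URL, since a silently ignored auth annotation would leave the app reachable without the proxy check.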
@@ -11,6 +11,7 @@ spec: labels: app.kubernetes.io/name: *app dependsOn: + - name: crunchy-postgres-operator-cluster - name: external-secrets-stores - name: rook-ceph-cluster - name: volsync diff --git a/kubernetes/apps/default/tandoor/ks.yaml b/kubernetes/apps/default/tandoor/ks.yaml index 490980d47e..4eefa4ddaa 100644 --- a/kubernetes/apps/default/tandoor/ks.yaml +++ b/kubernetes/apps/default/tandoor/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/tdarr/ks.yaml b/kubernetes/apps/default/tdarr/ks.yaml index 8af127db24..b1141cf65f 100644 --- a/kubernetes/apps/default/tdarr/ks.yaml +++ b/kubernetes/apps/default/tdarr/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -29,7 +29,7 @@ spec: VOLSYNC_CACHE_CAPACITY: 20Gi VOLSYNC_CAPACITY: 50Gi --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/unifi/ks.yaml b/kubernetes/apps/default/unifi/ks.yaml index 99f5681819..220c9d2c9f 100644 --- a/kubernetes/apps/default/unifi/ks.yaml +++ b/kubernetes/apps/default/unifi/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/vaultwarden/ks.yaml b/kubernetes/apps/default/vaultwarden/ks.yaml index 3dc40060a3..2ed16e3dfc 100644 --- a/kubernetes/apps/default/vaultwarden/ks.yaml +++ b/kubernetes/apps/default/vaultwarden/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/vikunja/ks.yaml b/kubernetes/apps/default/vikunja/ks.yaml index 536cada633..b68575656e 100644 --- a/kubernetes/apps/default/vikunja/ks.yaml +++ b/kubernetes/apps/default/vikunja/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/zigbee2mqtt/ks.yaml b/kubernetes/apps/default/zigbee2mqtt/ks.yaml index dc580f6f25..e39245054c 100644 --- a/kubernetes/apps/default/zigbee2mqtt/ks.yaml +++ b/kubernetes/apps/default/zigbee2mqtt/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/default/zwave-js-ui/ks.yaml b/kubernetes/apps/default/zwave-js-ui/ks.yaml index ed3c5f940f..cf79b2b7b2 100644 --- a/kubernetes/apps/default/zwave-js-ui/ks.yaml +++ b/kubernetes/apps/default/zwave-js-ui/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/flux-system/addons/ks.yaml b/kubernetes/apps/flux-system/addons/ks.yaml index e066e0ed14..ecbb2094af 100644 --- a/kubernetes/apps/flux-system/addons/ks.yaml +++ b/kubernetes/apps/flux-system/addons/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -23,7 +23,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
@@ -47,7 +47,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/cilium/ks.yaml b/kubernetes/apps/kube-system/cilium/ks.yaml index 82de94d4a2..b8ca9d93a0 100644 --- a/kubernetes/apps/kube-system/cilium/ks.yaml +++ b/kubernetes/apps/kube-system/cilium/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -17,7 +17,7 @@ spec: retryInterval: 1m timeout: 5m --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/coredns/ks.yaml b/kubernetes/apps/kube-system/coredns/ks.yaml index f793e8f5c1..90fe8405bb 100644 --- a/kubernetes/apps/kube-system/coredns/ks.yaml +++ b/kubernetes/apps/kube-system/coredns/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
diff --git a/kubernetes/apps/kube-system/descheduler/ks.yaml b/kubernetes/apps/kube-system/descheduler/ks.yaml index 56288a1c2e..d79cc83cea 100644 --- a/kubernetes/apps/kube-system/descheduler/ks.yaml +++ b/kubernetes/apps/kube-system/descheduler/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/external-secrets/ks.yaml b/kubernetes/apps/kube-system/external-secrets/ks.yaml index 129ce810e7..d7a3c8263f 100644 --- a/kubernetes/apps/kube-system/external-secrets/ks.yaml +++ b/kubernetes/apps/kube-system/external-secrets/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -23,7 +23,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml b/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml index 4035b272d4..2bc6a4fb75 100644 --- a/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml +++ b/kubernetes/apps/kube-system/intel-device-plugin/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -23,7 +23,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/k8s-ycl/ks.yaml b/kubernetes/apps/kube-system/k8s-ycl/ks.yaml index 9a15c5f989..076f52f573 100644 --- a/kubernetes/apps/kube-system/k8s-ycl/ks.yaml +++ b/kubernetes/apps/kube-system/k8s-ycl/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml index 78bc1c315b..6001c89076 100644 --- a/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml +++ b/kubernetes/apps/kube-system/kubelet-csr-approver/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
diff --git a/kubernetes/apps/kube-system/metrics-server/ks.yaml b/kubernetes/apps/kube-system/metrics-server/ks.yaml index aad6237c9f..1aac4b5f60 100644 --- a/kubernetes/apps/kube-system/metrics-server/ks.yaml +++ b/kubernetes/apps/kube-system/metrics-server/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml b/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml index 3b26351e29..32ef41328a 100644 --- a/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml +++ b/kubernetes/apps/kube-system/node-feature-discovery/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -23,7 +23,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/reloader/ks.yaml b/kubernetes/apps/kube-system/reloader/ks.yaml index e498cd3ded..4051935c5b 100644 --- a/kubernetes/apps/kube-system/reloader/ks.yaml +++ b/kubernetes/apps/kube-system/reloader/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/snapshot-controller/ks.yaml b/kubernetes/apps/kube-system/snapshot-controller/ks.yaml index 72946bb0eb..5dad6a0f00 100644 --- a/kubernetes/apps/kube-system/snapshot-controller/ks.yaml +++ b/kubernetes/apps/kube-system/snapshot-controller/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/kube-system/spegel/ks.yaml b/kubernetes/apps/kube-system/spegel/ks.yaml index b17216e03f..e9d76bb909 100644 --- a/kubernetes/apps/kube-system/spegel/ks.yaml +++ b/kubernetes/apps/kube-system/spegel/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/network/external-dns/ks.yaml b/kubernetes/apps/network/external-dns/ks.yaml index 9d0c2da28b..79980a196c 100644 --- a/kubernetes/apps/network/external-dns/ks.yaml +++ b/kubernetes/apps/network/external-dns/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/network/k8s-gateway/ks.yaml b/kubernetes/apps/network/k8s-gateway/ks.yaml index 77efd51a61..67601e4285 100644 --- a/kubernetes/apps/network/k8s-gateway/ks.yaml +++ b/kubernetes/apps/network/k8s-gateway/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/network/nginx/external/helmrelease.yaml b/kubernetes/apps/network/nginx/external/helmrelease.yaml index 8c0112df1c..ad33975d7c 100644 --- a/kubernetes/apps/network/nginx/external/helmrelease.yaml +++ b/kubernetes/apps/network/nginx/external/helmrelease.yaml 
@@ -42,11 +42,11 @@ spec: config: # allow-snippet-annotations: true annotations-risk-level: Critical - block-user-agents: "AdsBot-Google,Amazonbot,anthropic-ai,Applebot-Extended,Bytespider,CCBot,ChatGPT-User,ClaudeBot,Claude-Web,cohere-ai,Diffbot,FacebookBot,FriendlyCrawler,Google-Extended,GoogleOther,GPTBot,img2dataset,omgili,omgilibot,peer39_crawler,peer39_crawler/1.0,PerplexityBot,YouBot," # taken from https://github.com/ai-robots-txt/ai.robots.txt + block-user-agents: AdsBot-Google,Amazonbot,anthropic-ai,Applebot-Extended,Bytespider,CCBot,ChatGPT-User,ClaudeBot,Claude-Web,cohere-ai,Diffbot,FacebookBot,FriendlyCrawler,Google-Extended,GoogleOther,GPTBot,img2dataset,omgili,omgilibot,peer39_crawler,peer39_crawler/1.0,PerplexityBot,YouBot, # taken from https://github.com/ai-robots-txt/ai.robots.txt client-body-buffer-size: 100M client-body-timeout: 120 client-header-timeout: 120 - # custom-http-errors: 400,403,404,500,501,502,503,504 + custom-http-errors: 400,403,404,500,501,502,503,504 enable-brotli: "true" enable-ocsp: "true" enable-real-ip: "true" @@ -85,7 +85,7 @@ spec: limits: memory: 500Mi defaultBackend: - enabled: false + enabled: true image: repository: ghcr.io/tarampampam/error-pages tag: 3.3.1@sha256:8aa49143d301a8e43fb38578a21450567169c32068db7c43a05a67ac9f9283c8 diff --git a/kubernetes/apps/network/nginx/internal/helmrelease.yaml b/kubernetes/apps/network/nginx/internal/helmrelease.yaml index 8bb8e718c8..5bc407a605 100644 --- a/kubernetes/apps/network/nginx/internal/helmrelease.yaml +++ b/kubernetes/apps/network/nginx/internal/helmrelease.yaml 
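Review bot: On the external controller, enabling `custom-http-errors: 400,403,404,500,...` together with `defaultBackend.enabled: true` means the error-pages container now answers those statuses for internet clients. The backend's `extraEnvs` are outside this hunk, but the internal release in the same patch sets `SHOW_DETAILS` to `"true"`, which makes the pages print request details such as host, original URI, namespace, ingress and service name. If the external block carries the same value, change it to `value: "false"` there so error responses do not describe the cluster layout to anonymous callers. Keeping the details on the internal class is a much smaller exposure.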
@@ -42,11 +42,11 @@ spec: config: # allow-snippet-annotations: true annotations-risk-level: Critical - block-user-agents: "AdsBot-Google,Amazonbot,anthropic-ai,Applebot-Extended,Bytespider,CCBot,ChatGPT-User,ClaudeBot,Claude-Web,cohere-ai,Diffbot,FacebookBot,FriendlyCrawler,Google-Extended,GoogleOther,GPTBot,img2dataset,omgili,omgilibot,peer39_crawler,peer39_crawler/1.0,PerplexityBot,YouBot," # taken from https://github.com/ai-robots-txt/ai.robots.txt + block-user-agents: AdsBot-Google,Amazonbot,anthropic-ai,Applebot-Extended,Bytespider,CCBot,ChatGPT-User,ClaudeBot,Claude-Web,cohere-ai,Diffbot,FacebookBot,FriendlyCrawler,Google-Extended,GoogleOther,GPTBot,img2dataset,omgili,omgilibot,peer39_crawler,peer39_crawler/1.0,PerplexityBot,YouBot, # taken from https://github.com/ai-robots-txt/ai.robots.txt client-body-buffer-size: 100M client-body-timeout: 120 client-header-timeout: 120 - # custom-http-errors: 400,403,404,500,501,502,503,504 + custom-http-errors: 400,403,404,500,501,502,503,504 enable-brotli: "true" enable-ocsp: "true" enable-real-ip: "true" @@ -83,18 +83,18 @@ spec: cpu: 100m limits: memory: 500Mi - # defaultBackend: - # enabled: false - # image: - # repository: ghcr.io/tarampampam/error-pages - # tag: 3.3.1@sha256:8aa49143d301a8e43fb38578a21450567169c32068db7c43a05a67ac9f9283c8 - # pullPolicy: IfNotPresent - # extraEnvs: - # - name: TEMPLATE_NAME - # value: connection - # - name: SHOW_DETAILS - # value: "true" - # - name: READ_BUFFER_SIZE - # value: "8192" - # - name: SEND_SAME_HTTP_CODE - # value: "true" + defaultBackend: + enabled: true + image: + repository: ghcr.io/tarampampam/error-pages + tag: 3.3.1@sha256:8aa49143d301a8e43fb38578a21450567169c32068db7c43a05a67ac9f9283c8 + pullPolicy: IfNotPresent + extraEnvs: + - name: TEMPLATE_NAME + value: connection + - name: SHOW_DETAILS + value: "true" + - name: READ_BUFFER_SIZE + value: "8192" + - name: SEND_SAME_HTTP_CODE + value: "true" 
diff --git a/kubernetes/apps/network/nginx/ks.yaml b/kubernetes/apps/network/nginx/ks.yaml index e1fec08456..eb0fb7137f 100644 --- a/kubernetes/apps/network/nginx/ks.yaml +++ b/kubernetes/apps/network/nginx/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -25,7 +25,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -51,7 +51,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/ngnode/landing-page/ks.yaml b/kubernetes/apps/ngnode/landing-page/ks.yaml index 35733e2c98..f90ce91fa4 100644 --- a/kubernetes/apps/ngnode/landing-page/ks.yaml +++ b/kubernetes/apps/ngnode/landing-page/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: 
@@ -24,7 +24,7 @@ spec: substitute: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/observability/apprise/ks.yaml b/kubernetes/apps/observability/apprise/ks.yaml index d12d688b5d..b4df254690 100644 --- a/kubernetes/apps/observability/apprise/ks.yaml +++ b/kubernetes/apps/observability/apprise/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/observability/gatus/ks.yaml b/kubernetes/apps/observability/gatus/ks.yaml index a155dc45f6..6a4d969637 100644 --- a/kubernetes/apps/observability/gatus/ks.yaml +++ b/kubernetes/apps/observability/gatus/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/observability/grafana/app/helmrelease.yaml b/kubernetes/apps/observability/grafana/app/helmrelease.yaml index e66865123f..e03c887973 100644 --- a/kubernetes/apps/observability/grafana/app/helmrelease.yaml +++ b/kubernetes/apps/observability/grafana/app/helmrelease.yaml 
@@ -128,14 +128,6 @@ spec: editable: true options: path: /var/lib/grafana/dashboards/prometheus-folder - - name: thanos - orgId: 1 - folder: Thanos - type: file - disableDeletion: false - editable: true - options: - path: /var/lib/grafana/dashboards/thanos-folder - name: unifi orgId: 1 folder: Unifi @@ -156,7 +148,7 @@ spec: type: prometheus uid: prometheus access: proxy - url: http://thanos-query-frontend.observability.svc.cluster.local.:10902 + url: http://prometheus-operated.observability.svc.cluster.local:9090 isDefault: true # - name: Loki # type: loki 
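Review bot: The new default datasource `url: http://prometheus-operated.observability.svc.cluster.local:9090` targets the operator's headless governing service, while `prometheusSpec` in this patch keeps `replicas: 2`. With Thanos Query removed there is no deduplication layer, so each Grafana query lands on whichever replica DNS returns, and panels can show different gaps from one refresh to the next. Point the datasource at the chart's regular Prometheus Service (its name depends on the release) with session affinity, or run a single replica. The trailing dot used by the other in-cluster URLs (`cluster.local.`) was also dropped here, which brings back search-domain expansion on lookups.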
@@ -292,34 +284,6 @@ spec: gnetId: 19105 revision: 6 datasource: Prometheus - thanos: - thanos-bucket-replicate: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/bucket-replicate.json - datasource: Prometheus - thanos-compact: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/compact.json - datasource: Prometheus - thanos-overview: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/overview.json - datasource: Prometheus - thanos-query: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/query.json - datasource: Prometheus - thanos-query-frontend: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/query-frontend.json - datasource: Prometheus - thanos-receieve: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/receive.json - datasource: Prometheus - thanos-rule: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/rule.json - datasource: Prometheus - thanos-sidecar: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/sidecar.json - datasource: Prometheus - thanos-store: - url: https://raw.githubusercontent.com/monitoring-mixins/website/master/assets/thanos/dashboards/store.json - datasource: Prometheus unifi: unifi-insights: # renovate: depName="UniFi-Poller: Client Insights - Prometheus" diff --git a/kubernetes/apps/observability/grafana/ks.yaml b/kubernetes/apps/observability/grafana/ks.yaml index 0aaa42d8b7..55f33b7c08 100644 --- a/kubernetes/apps/observability/grafana/ks.yaml +++ b/kubernetes/apps/observability/grafana/ks.yaml 
@@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml b/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml index b1930db48d..c4591a7052 100644 --- a/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml +++ b/kubernetes/apps/observability/kube-prometheus-stack/app/helmrelease.yaml @@ -15,25 +15,24 @@ spec: name: prometheus-community namespace: flux-system interval: 5m - maxHistory: 2 install: - createNamespace: true - crds: CreateReplace + crds: Skip remediation: retries: 3 upgrade: cleanupOnFail: true - crds: CreateReplace + crds: Skip remediation: + strategy: rollback retries: 3 - uninstall: - keepHistory: false dependsOn: - - name: openebs - namespace: openebs-system - - name: thanos + - name: kube-prometheus-stack-crds namespace: observability + - name: rook-ceph-cluster + namespace: rook-ceph values: + crds: + enabled: false ### ### Component values ### @@ -133,9 +132,6 @@ spec: - hosts: - "prometheus.${SECRET_EXTERNAL_DOMAIN}" prometheusSpec: - podMetadata: - annotations: - secret.reloader.stakater.com/reload: &secret thanos-objstore-config replicas: 2 replicaExternalLabelName: replica scrapeInterval: 1m # Must match interval in Grafana Helm chart @@ -145,8 +141,8 @@ spec: ruleSelector: *selector scrapeConfigSelector: *selector serviceMonitorSelector: *selector - retention: 2d - retentionSize: 15GB + retention: 14d + retentionSize: 50GB enableAdminAPI: true walCompression: true storageSpec: 
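Review bot: In the kube-prometheus-stack helmrelease, `retentionSize: 50GB` now exceeds the volume: the `storageSpec` context in the following hunk still requests `storage: 20Gi`, so size-based retention cannot trigger before the disk is full. With `retention: 14d` the TSDB is likely to fill the claim, and Prometheus then stops ingesting, which takes alerting down with it. Either raise the claim above the retention size or keep the limit below it, for example `retentionSize: 15GB` as before. `enableAdminAPI: true` also stays on in this block, and since these volumes are now the only copy of the metrics, confirm that the ingress in front of Prometheus requires authentication. `prometheusSpec` begins outside the hunk.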
@@ -156,17 +152,6 @@ spec: resources: requests: storage: 20Gi - thanos: - image: quay.io/thanos/thanos:${THANOS_VERSION} - version: "${THANOS_VERSION#v}" - objectStorageConfig: - existingSecret: - name: *secret - key: config - thanosService: - enabled: true - thanosServiceMonitor: - enabled: true alertmanager: config: global: diff --git a/kubernetes/apps/observability/kube-prometheus-stack/crds/helmrelease.yaml b/kubernetes/apps/observability/kube-prometheus-stack/crds/helmrelease.yaml new file mode 100644 index 0000000000..d426472c76 --- /dev/null +++ b/kubernetes/apps/observability/kube-prometheus-stack/crds/helmrelease.yaml @@ -0,0 +1,23 @@ +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: kube-prometheus-stack-crds +spec: + interval: 30m + chart: + spec: + chart: prometheus-operator-crds + version: 17.0.2 + sourceRef: + kind: HelmRepository + name: prometheus-community + namespace: flux-system + install: + remediation: + retries: 3 + upgrade: + cleanupOnFail: true + remediation: + retries: 3 diff --git a/kubernetes/apps/observability/kube-prometheus-stack/crds/kustomization.yaml b/kubernetes/apps/observability/kube-prometheus-stack/crds/kustomization.yaml new file mode 100644 index 0000000000..17cbc72b25 --- /dev/null +++ b/kubernetes/apps/observability/kube-prometheus-stack/crds/kustomization.yaml @@ -0,0 +1,6 @@ +--- +# yaml-language-server: $schema=https://json.schemastore.org/kustomization +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - ./helmrelease.yaml diff --git a/kubernetes/apps/observability/kube-prometheus-stack/ks.yaml b/kubernetes/apps/observability/kube-prometheus-stack/ks.yaml index afbc56f35a..c77549ea09 100644 --- a/kubernetes/apps/observability/kube-prometheus-stack/ks.yaml +++ b/kubernetes/apps/observability/kube-prometheus-stack/ks.yaml 
@@ -1,5 +1,25 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json +apiVersion: kustomize.toolkit.fluxcd.io/v1 +kind: Kustomization +metadata: + name: &app kube-prometheus-stack-crds + namespace: flux-system +spec: + targetNamespace: observability + commonMetadata: + labels: + app.kubernetes.io/name: *app + path: ./kubernetes/apps/observability/kube-prometheus-stack/crds + prune: false # never should be deleted + sourceRef: + kind: GitRepository + name: home-ops-kubernetes + wait: false + interval: 30m + timeout: 5m +--- +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -12,7 +32,7 @@ spec: app.kubernetes.io/name: *app dependsOn: - name: rook-ceph-cluster - - name: thanos + - name: kube-prometheus-stack-crds path: ./kubernetes/apps/observability/kube-prometheus-stack/app prune: true sourceRef: @@ -28,7 +48,7 @@ spec: # renovate: datasource=docker depName=quay.io/thanos/thanos THANOS_VERSION: v0.35.0 --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/observability/kustomization.yaml b/kubernetes/apps/observability/kustomization.yaml index b4c4d6fc97..c400eca60b 100644 --- a/kubernetes/apps/observability/kustomization.yaml +++ b/kubernetes/apps/observability/kustomization.yaml @@ -13,4 +13,3 @@ resources: - ./kube-prometheus-stack/ks.yaml - ./mailrise/ks.yaml - ./scrutiny/ks.yaml - - ./thanos/ks.yaml 
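Review bot: `wait: false` on the new `kube-prometheus-stack-crds` Kustomization means it reports Ready once the HelmRelease object is applied, not once the CRDs exist, so the `dependsOn` entry added to the app Kustomization further down does not by itself order the two. Ordering currently rests on the HelmRelease-level `dependsOn` in app/helmrelease.yaml. Consider `wait: true` here, or add a comment such as `# readiness is enforced by the HelmRelease dependsOn, not by this Kustomization`.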
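Review bot: The `thanos` entry is removed from `dependsOn`, but `THANOS_VERSION: v0.35.0` and its renovate comment remain in this Kustomization's substitutions (context of the next hunk), while the only visible uses of `${THANOS_VERSION}` are deleted in app/helmrelease.yaml. If nothing outside the diff still reads the variable, drop both lines so Renovate stops proposing bumps for an image that is no longer deployed. The Kustomization's body starts and ends outside this hunk.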
diff --git a/kubernetes/apps/observability/mailrise/ks.yaml b/kubernetes/apps/observability/mailrise/ks.yaml index 733a33e8b7..3693e28df3 100644 --- a/kubernetes/apps/observability/mailrise/ks.yaml +++ b/kubernetes/apps/observability/mailrise/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/observability/scrutiny/ks.yaml b/kubernetes/apps/observability/scrutiny/ks.yaml index 413e85eb82..730ac17a2e 100644 --- a/kubernetes/apps/observability/scrutiny/ks.yaml +++ b/kubernetes/apps/observability/scrutiny/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -28,7 +28,7 @@ spec: APP: *app VOLSYNC_CAPACITY: 2Gi --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml b/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml index 2b2484f522..5eb4203518 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/app/helmrelease.yaml @@ -43,6 +43,4 @@ spec: requests: cpu: 10m memory: 128Mi - limits: - cpu: 300m - memory: 256Mi + limits: {} 
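Review bot: Replacing the limits with `limits: {}` in the rook-ceph HelmRelease removes the memory ceiling along with the CPU one, so a leak or runaway reconcile in this container can grow until the node is under memory pressure and other pods are evicted. Dropping only the CPU limit avoids throttling without losing that bound: keep `limits:` with `memory: 256Mi` (or a higher value if 256Mi was being hit) and remove just `cpu: 300m`. The `resources` block begins outside the hunk, so which component it applies to is not visible here.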
diff --git a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml index b8869d177d..aae69dfe09 100644 --- a/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml +++ b/kubernetes/apps/rook-ceph/rook-ceph/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -24,7 +24,7 @@ spec: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: @@ -51,7 +51,7 @@ spec: APP: *app --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/apps/volsync/volsync/ks.yaml b/kubernetes/apps/volsync/volsync/ks.yaml index 418ad6beb8..5f40078585 100644 --- a/kubernetes/apps/volsync/volsync/ks.yaml +++ b/kubernetes/apps/volsync/volsync/ks.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/flux/apps.yaml b/kubernetes/flux/apps.yaml index 8057258e97..e905709cd6 100644 
--- a/kubernetes/flux/apps.yaml +++ b/kubernetes/flux/apps.yaml @@ -1,5 +1,5 @@ --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/flux/config/cluster.yaml b/kubernetes/flux/config/cluster.yaml index 38051e13a5..22fa506c69 100644 --- a/kubernetes/flux/config/cluster.yaml +++ b/kubernetes/flux/config/cluster.yaml @@ -19,7 +19,7 @@ spec: # include kubernetes directory !/kubernetes --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/flux/config/flux.yaml b/kubernetes/flux/config/flux.yaml index dae1397c91..b4fa270948 100644 --- a/kubernetes/flux/config/flux.yaml +++ b/kubernetes/flux/config/flux.yaml @@ -11,7 +11,7 @@ spec: ref: tag: v2.4.0 --- -# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json +# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: diff --git a/kubernetes/flux/vars/cluster-settings.yaml b/kubernetes/flux/vars/cluster-settings.yaml index ecdcbe7fcb..e9b406ca57 100644 --- a/kubernetes/flux/vars/cluster-settings.yaml +++ b/kubernetes/flux/vars/cluster-settings.yaml @@ -31,4 +31,4 @@ data: LOCAL_LAN_OPNSENSE: 192.168.8.1 LOCAL_LAN_TRUENAS: 192.168.9.10 LOCAL_LAN_TRUENAS_REMOTE: 10.10.0.2 - TIMEZONE: "Europe/Paris" + TIMEZONE: Europe/Paris 
diff --git a/kubernetes/talos/cluster-0/talconfig.yaml b/kubernetes/talos/cluster-0/talconfig.yaml index 48eb453b05..21c6852098 100644 --- a/kubernetes/talos/cluster-0/talconfig.yaml +++ b/kubernetes/talos/cluster-0/talconfig.yaml @@ -69,7 +69,7 @@ patches: time: disabled: false servers: - - 192.168.8.1 + - time.cloudflare.com # Configure cluster loopback - |-
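Review bot: The `servers:` list now holds a single external hostname, so node time sync depends on DNS resolution and outbound NTP being available at boot, with no fallback if either is down. Clock drift on the nodes affects certificate validation and makes log timestamps harder to correlate during an investigation. Keeping the local source as a second entry, `- 192.168.8.1` beneath `- time.cloudflare.com`, preserves sync when the upstream is unreachable. The patch list continues outside this hunk.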