Add gotify

2023-04-14 00:42:02 -04:00 · 2023-04-14 00:42:02 -04:00 · ac3f6fe5ba
parent dc1e1b6390
commit ac3f6fe5ba
11 changed files with 80 additions and 18 deletions
--- a/cluster/apps/authentik/helm-release.yaml
+++ b/cluster/apps/authentik/helm-release.yaml
@ -55,7 +55,6 @@ spec:
    ingress:
      enabled: true
      annotations:
-        cert-manager.io/cluster-issuer: "letsencrypt-production"
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      hosts:
        - host: &host "auth.${SECRET_NEW_DOMAIN}"
--- a/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml
+++ b/cluster/apps/database/postgresql/pgadmin4/helm-release.yaml
@ -19,10 +19,13 @@ spec:
    ingress:
      enabled: true
      annotations:
-        cert-manager.io/cluster-issuer: "letsencrypt-production"
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
      hosts:
-        - host: pgsql.database.${SECRET_DOMAIN}
+        - host: &host pgsql.database.${SECRET_DOMAIN}
          paths:
            - path: "/"
-              pathType: Prefix
+              pathType: Prefix
+      tls:
+        - hosts:
+            - *host
+          secretName: wildcard-main-tls
--- a/cluster/apps/tools/gotify/helm-release.yaml
+++ b/cluster/apps/tools/gotify/helm-release.yaml
@ -0,0 +1,63 @@
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: gotify
+  namespace: tools
+spec:
+  interval: 5m
+  chart:
+    spec:
+      chart: app-template
+      version: 1.3.x
+      sourceRef:
+        kind: HelmRepository
+        name: bjws-charts
+        namespace: flux-system
+
+  values:
+    image:
+      repository: ghcr.io/gotify/server
+      tag: latest
+
+    env:
+      TZ: America/New_York
+
+    service:
+      main:
+        ports:
+          http:
+            port: 80
+
+    probes:
+      liveness:
+        enabled: false
+
+    ingress:
+      main:
+        enabled: true
+        annotations:
+          traefik.ingress.kubernetes.io/router.entrypoints: websecure
+        hosts:
+          - host: &host "notif.${SECRET_NEW_DOMAIN}"
+            paths:
+              - path: /
+                pathType: Prefix
+        tls:
+          - hosts:
+              - *host
+            secretName: wildcard-main-tls
+
+    persistence:
+      config:
+        enabled: true
+        type: hostPath
+        hostPath: /mnt/MainPool/Kubernetes/gotify
+        mountPath: /app/data
+
+    resources:
+      requests:
+        cpu: 1m
+        memory: 8Mi
+        
+      limits:
+        memory: 500Mi
--- a/cluster/apps/tools/gotify/kustomization.yaml
+++ b/cluster/apps/tools/gotify/kustomization.yaml
@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- ./helm-release.yaml
--- a/cluster/apps/tools/hastebin/helm-release.yaml
+++ b/cluster/apps/tools/hastebin/helm-release.yaml
@ -50,7 +50,6 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - host: &host "paste.${SECRET_NEW_DOMAIN}"
--- a/cluster/apps/tools/kustomization.yaml
+++ b/cluster/apps/tools/kustomization.yaml
@ -5,4 +5,5 @@ resources:
 - ./network_policy.yaml
 - ./transfersh
 - ./vaultwarden
- ./hastebin
+- ./hastebin
+- ./gotify
--- a/cluster/apps/tools/transfersh/helm-release.yaml
+++ b/cluster/apps/tools/transfersh/helm-release.yaml
@ -46,7 +46,6 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - host: &host "upload.${SECRET_NEW_DOMAIN}"
--- a/cluster/apps/tools/vaultwarden/helm-release.yaml
+++ b/cluster/apps/tools/vaultwarden/helm-release.yaml
@ -33,7 +33,6 @@ spec:
      main:
        enabled: true
        annotations:
-          cert-manager.io/cluster-issuer: "letsencrypt-production"
          traefik.ingress.kubernetes.io/router.entrypoints: websecure
        hosts:
          - host: &host "bitwarden.${SECRET_NEW_DOMAIN}"
--- a/cluster/core/cert-manager/wildcard-cert.yaml
+++ b/cluster/core/cert-manager/wildcard-cert.yaml
@ -8,7 +8,7 @@ spec:

  secretTemplate:
    annotations:
-      replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik"
+      replicator.v1.mittwald.de/replicate-to: "traefik,download,media,tools,management,authentik,database"

  duration: 2160h # 90d
  renewBefore: 360h # 15d
@ -19,4 +19,5 @@ spec:

  dnsNames:
    - "*.${SECRET_NEW_DOMAIN}"
-    - "*.k3s.${SECRET_NEW_DOMAIN}"
+    - "*.k3s.${SECRET_NEW_DOMAIN}"
+    - "*.database.${SECRET_NEW_DOMAIN}"
--- a/cluster/core/networking/traefik/helm-release.yaml
+++ b/cluster/core/networking/traefik/helm-release.yaml
@ -85,13 +85,6 @@ spec:
    ingressRoute:
      dashboard:
        enabled: false
-#        annotations:
-#          cert-manager.io/cluster-issuer: "letsencrypt-production"
-#        entryPoints:
-#          - websecure
-#        middlewares:
-#          - traefik-authentik@kubernetescrd
-#        matchRule: Host(`traefik.${SECRET_DOMAIN}`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))

    # Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
    ingressClass:
--- a/docs/todo.md
+++ b/docs/todo.md
@ -22,4 +22,5 @@ TODO:
  - [ ] Move transfer storage to minio
 - [ ] Reloader
 - [ ] kured
- [ ] external-dns
+- [ ] external-dns
+- [x] gotify