Compare commits
1 Commits
4aa9cbf359
...
6fe2196f72
Author | SHA1 | Date |
---|---|---|
Renovate Bot | 6fe2196f72 |
|
@ -1,6 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- ./namespace.yaml
|
|
||||||
- ./snapshot-controller/ks.yaml
|
|
||||||
- ./volsync/ks.yaml
|
|
|
@ -1,4 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: volsync-system
|
|
|
@ -1,28 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: snapshot-controller
|
|
||||||
namespace: volsync-system
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
timeout: 15m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: snapshot-controller
|
|
||||||
version: 3.0.6
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: piraeus
|
|
||||||
namespace: flux-system
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
upgrade:
|
|
||||||
cleanupOnFail: true
|
|
||||||
remediation:
|
|
||||||
strategy: rollback
|
|
||||||
retries: 3
|
|
||||||
values:
|
|
||||||
webhook:
|
|
||||||
enabled: false
|
|
|
@ -1,19 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: snapshot-controller
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
#targetNamespace: volsync-system
|
|
||||||
path: ./kubernetes/common/apps/volsync-system/snapshot-controller/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
|
@ -1,19 +0,0 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: volsync
|
|
||||||
namespace: volsync-system
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: volsync
|
|
||||||
version: 0.10.0
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: backube
|
|
||||||
namespace: flux-system
|
|
||||||
values:
|
|
||||||
manageCRDs: true
|
|
||||||
metrics:
|
|
||||||
disableAuth: true
|
|
|
@ -1,8 +0,0 @@
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: backube
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 1m
|
|
||||||
url: https://backube.github.io/helm-charts/
|
|
|
@ -1,21 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: volsync
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
#targetNamespace: volsync-system
|
|
||||||
path: ./kubernetes/common/apps/volsync-system/volsync/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
dependsOn:
|
|
||||||
- name: snapshot-controller
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
|
@ -5,72 +5,72 @@ metadata:
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
type: Opaque
|
type: Opaque
|
||||||
stringData:
|
stringData:
|
||||||
identity: ENC[AES256_GCM,data:XdDbrb6Hkn6DkSkFzvrFf6zvxbVMOiGkdDoZwOnu5S6Fj/Ln8jeP6QxpKYqJH62J5SaFtLQs4Eb443vURFqRRZO/s9E9bDUfToFcCvTOF+DcigO03yk81wPRnu19Zr+VJK/R3d5EYfc/aDv/52mm/MnH4ytwFdN/ped7vT6zwbgWByPGtn5lN7pgsmnFSOXJvpfHrbyWva/mAntf6tRXEMO97xs9VazH9PlVrBp6y9qEsVb/EzNFLMx6VYCj/e+/wiegb0+SAUTgHbf6WrEpEtpY+RBmJqVPrK68F9oxvXNgBcBb0LWg9p81pl8QfJHDKDtDUW08mnibT+IMqiwoECwKuArvCyI7fjd/VRBRYhcHZkJwJxIbEmIxHxs9ubCMUGvBtcuKfctQ/KwkyeuAvoPeFqOJlRfYooRxF3tLutE5XsSWEI87PdU7VrGYKnYTO+9aItAK60w/BsiJbkF1xrvBcLmOJx7p1zcDNuAuYBz9QBsSUChSzwUsrGmxebN/3XAmB/n/mcp8bka7d/vtmjSpVBruVu9olg00,iv:/39YiKJ5i6LRchiElgrClE20iJuV4SF7HB95Qi7lRdo=,tag:IQCxRRHEFg5XypwjQP7VDQ==,type:str]
|
identity: ENC[AES256_GCM,data:Sx6ZC5nQFKwjKl1ohqCKz7x71JT0JFRf+IQqciujxeUWAzYd5Ui12BGiUW/zu2l56vFXa0zqf2F2rsqjv8IvrkhGYXp5crm0Q709o3Gw2GWE6FrSsJqKN9s6vz0mettAUdnjjZKr1wGf56NWrrKXe/1WYEBRhDAt11e8Uei2wCXf0DP2AIGH5BThV980IitD3qhmBvJWrZhurIt8HMyxFdtzEkr3zbfh+U33uLOIC1tOvVnShNyv+Khgc0CjzM+OrQAUCkMOiEPPAjjVrnHcgzHnNZaxQ4SaSMW1lqBpW1Nxqzp/LP3UVIffJjvqtvcPkC9fdBQyAgzbhNDuQV7HDPdCBcac3GZVGYnaPFG7OpWYkBUp2RBY5fjkXjJ4NFfIcS2JQtkVgwmd8ywm6I/laWUZn5qBPG9yz0HIQv3mc0zPv8v7ae/r9Bet/vrVioLhyK/MD73eTKWz7wFTTytiMSgSeejwm9wCog/QLMGp+qdVR/Fnzh75xjGnIk8y+oqkLB6e6mGX9saRccJOlYKvBqd+DYOKyou2Gux/,iv:GkEzgT4SSoqkl6Q7ceZrmt9U303lB3JFQ7AiLj27ElE=,tag:2nsq2GgkkvZts40lztg17g==,type:str]
|
||||||
identity.pub: ENC[AES256_GCM,data:qNJjZriw2GgTMUz85E7R91n2m0cAlqWn4mZdOUgppOMGWEwxiIma4vM3YGkx2Ltt0u78rzng1KJBLSHRXvygJiQLj72+nDYqNuoSK5EQDjk=,iv:VVIX7dU/JO7mCBa/J7gBSYvNX+xyQRtKRzx/BEe0Ny0=,tag:5VO+ib7+qKX6FFefXIGODQ==,type:str]
|
identity.pub: ENC[AES256_GCM,data:D+Vm8UYZnigJpJ4G6BWaXJx0aASRmfURe9HmMPCgXBTHYtqEaU3MAZ2/YcBBBSrLBjziaS1D86g2coPfWOcmwJ4NPOKjJSV10cFsZIPnk4w=,iv:TDZi/AxIJHY2IGgTyOS7oGErPxaYMtBek8efalLmsJw=,tag:feL7jyXQabIvmbB0y5qNiQ==,type:str]
|
||||||
known_hosts: ENC[AES256_GCM,data:MHZdra08vS1QvRWuAvmaKhHxAkhfZuznMhWvM21X6oriI8ylfeaI2Ho2DIUmToiSKGS4wZiTNiB7lMvrPBcCO/l+f2bGXFu4YdXrTLFoV3O9K9cwQRftsqAKgq+zLP5zy11Jd8Hy5J1numqhCb/DmP9AjZflDfhANckBHuDlEJiV4xitbLaMWzmgLDS34K/h1Q+u92j2OgBD5lHiHxszlTkTsqAtSdChCDExOS2Z2nMQIIRI7+E2uGlNtaQ9AhviZlREUWAxGUr8y+fK9jN/XGnaUWEjS5SXUXwtzHnBzv+t5dCtuMLQ2eOki7qcYU5jaQ2uhMrovmaYiIdEgVMtt6VQOoo/5uQx5CHzTwrbqA5lm0hMArf1ZvuzoUf6rJvRBL3KKolWW5wjb57xQxGNgkJ03SI2AYFIVrCB/glEmKK3ZEOn0AFkWTB0rchgjuKnVLuwh5Q5e7yCLrMgQdUcRZCPt0W9CEkVirmBYN8CB6Cuh5cnzXUDrmSvJxJRXFLv/RR+IOEBzQFujMSbp4WdXqZzORx/GrbFKECGuOO0srFdeE+EJVehmvX/OWqQsV21fia3VuUm36w5TjrgsyHQBB70s59RGy6XPzPbmYD/BYk4n7D3Tq7ngukbWqO7ImP0DbUEZlW+ZqEg7S/rYGbeI3oiJs36MLJnMCyXmJ0T7znPoKTZAu4MFQY2JvOcngGTq8ua1ftbQFYVQbOBcF0nkQoe81uj4S8YBziq2rT1vFfgw26OeWlwmUCWQ0i3a7US3VzoJ9D/qU4HAOrjz8REekfwLcL6rEqwSKbDl6gerye5os/iWaXHhOQDFrntc+kodgNLpI003/AXS598Wshzl1iX1FUN5N/Ak6JMKwa4Gv3om6DYiWnHETbkl/6KKtlZFfJ/b7KDjrVGIizT/CZdYegWzg/y8uzTZ9hscO+KfUqda0hg7gWzm+puMrLrVQNvWomtB5eqo6rq1sRER555HTv7ieacha+ZOrwcv1YgpKEB5fpf1vrKrMSCUbVPG/QEDp8PacLcxHpkIiC1sFW3FcvDfw1NzJ6pP4R4FAR1IomBq15+78BM7axx0LXFq8ILYKm7tw643qj5l5HYyoTYAKjji6eLXhG03l2gGeOBa2Qzu2PgudjwoT2uZvZv3MT921na2gQ1Ri8LvhFMXyw+Gvmc3PSOxigoegvWCiDlvS3cfEg7+Dl7IlpaeADWBSWT6qE3x2eYW3V6PtUjuaM/vlJm7RunMYicIB/JMK3Biw+2fhU2RlmINtA2dMDUsaOdetC9DeYltVQPY0XYlV9Kn0OpiPf6mpq2R9ceiQ1QZ4wVBijNHvWqEr92ytodUpLZPxY7qCZ0ArPAFh36YliZg43tlB1041ukqWrWqwtRGINTvGGFW57XHvBVzR0osjwS,iv:5Zi1hQ7sQQFJMB4Ynk8QfyEDco4KrSsriFYHgho6YLU=,tag:t+Z8okFnDFCvt/uLfr06Cw==,type:str]
|
known_hosts: ENC[AES256_GCM,data:n01pTAMd2h98vRT8OtCvw/M6o57FCE73nGgH8vLbiQH4EkA8QPEGUR48r+YS6hFP8n8FXVjuoGDFYdjuZchtm3/CqZBqqhlg9DPtrDwjYfjhf3GpB72iE+R9qNPMlF+aHe45egOzzr3OYZ/wuRDo25x8+d4r19FFLKZDEQdpx5FJnr4H1x9+hm8VKGvh8eJpYDzLm73LdsfCJ37ZjecmnTEkK0BHIOPsglhDwXOfAtKSk9DlUz9veaoFhTwJQK6zJbUYj+vIMc3Z8ACVLJbkxWePHKpkKBAwlEcYP83j/mCZbFITRhBxcyIF+Z2gnheH3KCoaAhl8WW0jK3hM752tu8UxdAa6FMRio0hZ+d4IDKFe9oJNHchUT7pmeL4lrqnUNC7/YdL30WX8aCTWL5anYYyBTYS8TgQmDrKgOz+daw26y9Bte+omkjOIO1avdyu7ZBTNffN5xySma6ARX6X5V4e43vJMPT5+plJSZK7LoMsuY0+ZYlE5ajmYvtIIbQaYvk4OHchH/jhMuW4djlW4ZmJ/ihdGj4hj7reNdc+QyPoYgHuz/SekrdSxJsjFQH9Ke7KQAuxrblwMtUHlsPO3iFd1JmGUD0Ff/IMldL6AVAprcoBgnUmubyRCN4innxkgTdPH74AelBSjOvYRvd6osK4zl+gY9R0NohJTAJWdvsZr8CU9zyth15kLVJpdlyK0iXNFL/+Tg5MKwhBNiucsYrlTDYqyHpT4ssn2ECXygy3IJy84g29L9gI+D+UVlNS0xYpeHNb+8FN10qjITmY5PV5izLnNM+QIitr3UDnMGWPzHqyK5SoKPZZQIUw7engtGKNoLRm0cNWElbHmVHzYXN/9dToxqiWpjsGQsYXMLgeBxwRJ351cKjqYq2mJ3HMsLzjssx/D1GtD5j5AcTV+hKCrOP482SBpB8kdBwFck6IR4jVZTKxhde/4xvtOFcPSb8fUMh4VtItK62RRXbgCd6MsEGz4ZzO9Qmd37QRW0HUtBTtDZ2v4LceQ2IrvzQa85McSDoqFtF8ikkGZytrns0jsrtUi/q0f8AebB0hViU+pBD5/7/Kqi14XCTfp3+BCqhl5tVeiEHRN2aF3C9k26zOwZYzp7mmOdz2CMl5TSyrFt0FAe4ZPaKGQx5ZMvQ45yxY8XGu28sRfOGJ4DvE/ieyrzN4MAWB6XugxHkeE4T9NUZGeNPOSZ/+1hoVQ4648I8+zZ4eoWHpJk0ROFQpS98VsDA8NFWUcKBZL/wnSApxEm/5M4XPeoZ1qsjvMTm4q7di8MARhkx9iibli5AoEq8HXCZ2yOOkF3Jybt5iQ8ET5lHrCPm6dAAdOGDxJFEoVxc9Jzgg778OjpEaBlpdcnTYnZe5fgM4xVzv7+dFM5LSwNRiXBG4RDDMQJxkVpGl,iv:r63R2DHRHmWEOklp8Fp60R293bphRo0fEtBbfY6kwtE=,tag:WvAkb38Bb+nco/ZpaXhP3A==,type:str]
|
||||||
password: ENC[AES256_GCM,data:fGFEgW7D5M0if8qqfNGFUP3cUCW8Nn/XsmRf0PM21vDLjrYzuOLHJA==,iv:ds829XOqukonj7fqZWO+ErK6IDGb61nCa/lwEp0P91Y=,tag:gtudo2jdx6Totv6JcUKBEg==,type:str]
|
password: ENC[AES256_GCM,data:6VdCKBqa6tSVKr+zh/X4eTEX3kG6k1VjFt3PJ5Sx064viFfxOdl5Xw==,iv:Um82ZkCtJr7UZAhu3e06tzQYPJhU+nCrwyH1lQ/FP6A=,tag:Ydookfcn2C+hpdDcHhdBbg==,type:str]
|
||||||
username: ENC[AES256_GCM,data:44LM,iv:uBoSRjeqqq0CC4BRcpp2F0ua09nOI3kaWcAJA2AOFyU=,tag:cjyOHOG+hoPHc2pVvJ8+5A==,type:str]
|
username: ENC[AES256_GCM,data:XneA,iv:6jH3tuWgC6J1GfSvQ2DxumxhJfNHCE+EvLy1CVKomy4=,tag:Jpk+AqScz8SrGRNEaVfoiA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
azure_kv: []
|
azure_kv: []
|
||||||
hc_vault: []
|
hc_vault: []
|
||||||
age: []
|
age: []
|
||||||
lastmodified: "2024-10-18T23:02:46Z"
|
lastmodified: "2024-08-03T21:27:12Z"
|
||||||
mac: ENC[AES256_GCM,data:8ESBtPXyeYNjGJ8FLmslEolr/F1gq5XBAkPuPQQxm5SnM++TwbG0E2oyy8TD7FYa62l48Rsdl+o02cwAI8KFk7zcy6588Ti7IBszmkanlDZy0VqoD4rAY4WJZ2m8m0yJEx7roM7gQm0nYJGRufRyK+g2OjVh1YQBxGymnrL2Jtg=,iv:CvFWYFxHfCH8ChQp9XA6S36vswnhUBNRkfW2ZmuIvGE=,tag:Jl+vffpyK1iYzXC1lgJT+Q==,type:str]
|
mac: ENC[AES256_GCM,data:lbcdmV8GaSg/7IEvBTASEOamqLae4SlKEd0pwejnWam6UGWqiYYRYHeHdPJCycWC6xQYc6/S0i7tZf41jhb78nYdp5LsPQ//p9m2/eYKTuNFUuOOnhV6WVP+bkPexsWGPvL85F8hwNutCEpAs6msKkR8Fj2SRgmUn2L/fyx8KKY=,iv:d1y86x1svh9T6XVMi+7sGx/iVDvlk9pgXAogtwHwpmw=,tag:kRZ5xZKpj727O20efLpSyg==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-10-18T23:02:46Z"
|
- created_at: "2024-08-03T21:27:12Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ//cYkEt2KpQw/5VtIM9Ym1c2i2MCSh7y+nQdzocy4RF2Iw
|
hQIMAyqlIeyoxYovARAAyPqbpe2mT3Ki6HURqq4VS35Yt8fmx1acasEtvBNCUVat
|
||||||
H7jR99FHl7vFfNp4tJyfz+OGnE/3B2EqDUM2bCmrp1628iQext0ExKSAheIJygPZ
|
8Oj3LEvjYvvtBC7LY5msI4HZJnbSoUExPMKR0j1HB1pX/SB8MIjpIQpS8SvnJEnS
|
||||||
6lMpOEBlW51BMdYxSE+PJh+F/Q7Bpnwnf5BJDkobeoKdTrItu24krFJdMjakZmwN
|
B9Mws5F5QzGEQDWg8d/wVia8LaEDehtPXeTx3FZVjfJCMVi7SS61ymg5vbZI0toR
|
||||||
96yGH0C80rtEHHn1A2/MpgBnCBClsJx+HRdp8Tc4552uD2mYYahJmrKzh7euqJbV
|
mCmNh1QkD7lGYPyKfKXjDzM+m6dPf0NYj1etMRxaV3yEsFaOo5P8oi1ewzY4xr5/
|
||||||
jgCgJtL8RxBArNsDiWCCe2QuKjMCjpstuP6xS7RDMVkB7U//IrIa3D1RqQOEYzTP
|
jISkL01xfupeqJSiVnuYXgSDbnKj14hA7DAbsQYsqTevCRVeickmdS6yF7GICOrJ
|
||||||
s9HngMBuvxj6T1iHBXPYIzqr/cHMPtXd/1wJIPpICe6dThbJruPUAyg4cO/bPy1C
|
gqo88b/Aju9gU+6pzaoZCHm5GAszHouUqTWukICPqAIChRKrQRF8eaj22q/+PBS4
|
||||||
UhxWyqLKY3i3OyI9YvlXpNEyordqgVMuA9SYnLB9M7es+MjKMcHFwG0zX4hs6Qaq
|
3/BzHaRNuZvh2PElshj96dlw2f9hhpkYkbZBElMYidlEe1iRalqWmKBaCYDdoHkc
|
||||||
Bozf51pzogZcjIuEM+sl54IwQsAnAWcpNGRPNtzIKf8LwEihJhfkOCRFArbuIxzB
|
x7vBNtYxkwwUUMz+NIGZPYtyeS/1k9rx+UErad6XDir1/jJK6ICzmYwDJydFRVmR
|
||||||
8Am7CMkcQLTqN4jckdYfSELK2pUfLgV73XMcmgtUz7/NugpdvcIpByLmSz0+04L0
|
pwzhsmyDdrTRhK0wvClO/QBc55ZYnGa3ecKRC7Sxb2qYsCZzgABnuRAavdmzf4F+
|
||||||
/FYWAy5rto0c5HDkF3tV+88EuThbsuYp3zQpA7QP9eH7TdZqnvE6ouhQhmxUR/99
|
WoHubjO4vYUswoaV14r5tO3HgS9JkRDzPfK9BfhyeE/9XfUfkNdYVMw4oP/uFkJw
|
||||||
4aZHHQ7sIbtscmyU9eUo6M8pCHpk7tfkp8wWQjoo99oyxE/1qfY58BonaQ4+E/mF
|
aTtVmy9txhsTAQ7yCRKsnA9Itnmu8IQfYYU0MwLK9p93ABORmhpEbzZO5pW/l22F
|
||||||
AgwDAAAAAAAAAAABD/4v3+2tYz9hkNRN11ubHqYDkLT4PB1+2YLxXUJlYr44UWkl
|
AgwDXjg0p2IN1X8BEACQPAKN0TVUzxykhMW1f57HqHfMzNZog9K541Sj9sbyd2fQ
|
||||||
JLv1jwGdLHuGiC/nF0YQpvEU7+yMnz8JUKU1S3vdJxFm3t1qvx57iSPCgs04/9rI
|
24Z+UX6IZ1I9VOZmRY9ffTjZTG+MUa1jSk6A9BMb9s5c5+PH2bzFxpXcSWf6QNyK
|
||||||
sQHdmpYd1ejvRM7pVUrUvXFEilWxCtwU4JnSH5IlJ+43srgC2vmlIld8/oyghwc3
|
tY3MmW2jLxqqYfUv/ZnhbfPK4P2846HpkVVZX/lmT4JuHa4t8UFrEeBmWbJfbnL0
|
||||||
9KeN1iFabBcnbqvxdL0WCfEipFJh0gI0WeM9N+t0MahbAm2MGIkj9ZMJ9O+XZX0P
|
Fcu7TDVmf2+z4ArevFUPSCL/ALluYiMqASqvw9acYR7vIjoyjA2o91usOF2Q4oO+
|
||||||
MgoHvfRnkFrSYadTzXX9/gF0N8GGayY/AVgcFFJIn1HFyxoB1gHP5F5/GV8YVpWP
|
QmhaDCm08fvftUDJWCKKmFK49s5jiVr6Fy6E0QUZB2zcaCv6VoTJzxVhCCi2J6rQ
|
||||||
W5o/v5NKYmS22LJQNdFNCgUtjjrdmeeP5SIOCDTytJEahWtlZE4xgmIfHMlbS9fX
|
fVCG1s6k+QVMTQxsIBQM7jmU7XdVPb+hSTFbY6kmn0ijhqLt3n0/JVZKz2y80Mti
|
||||||
c+/pSAakV9Nz39EDUUlMAyj9uoEuE0RDaSRIIzOEvVJmCy40cczpbux4vRE55CBb
|
RYQXvIlKL2lBYy7Fz30TWLoGTmGW1SHS3WmuMv/VPB7o1iqmmjTcgkaHWEiIav5s
|
||||||
Kpj4IW3NnRavXucVt/gtSp+jz8IEpxGjTbgAMxtTi88XZkE2mjDjH0wXGm3Cdr8E
|
j7gLBytITp+yyVm5CBtSMhS0J9gaC90vesjYBNryFRhszTZuO3VzgKspvWf+dIQS
|
||||||
+cG01WXKZnV+Rw3EEthyg9A3Yhl2dCXa+9xeuIbM7R5Ay+VUmkcuhrPxhyCMA5OT
|
ATn64C2XcjIhw6BmAzlaGcieoJrtmi/+ukCyM7Ri2l/WlImUBAKUvIsd5M7PzrRK
|
||||||
+1StnHTwC2qTJnhfrgnEsRAetu/q0wGrWVj7+/2sfLgABuqqByX9l3N3mRyLG3ZK
|
R2dV+saJIb6VoKAXerh9oIvFUPCFqTRqCauRUTTSp35u6kilnKRDy0USiRvQ8owr
|
||||||
HUwPYoHis00J88P2h/5q/Fg9QB6ShsOhv3kvGpr5y3vBpQ9aAwdJcg6fdSzvqNRo
|
NUuT3ZKRNaGISgzhxCOULGKCcOUxv9A51UF6dlwNLWgKp3oVqKZqW6ZJkdE76NRo
|
||||||
AQkCEJL1gcVBMb6aiPKDqR1QRH6pNh7qHm9DFem7xd+5CcgF11ONq8/vlAY86ENo
|
AQkCEDi0uiaPJsm+SJ2PyYSTxKEkWIY9kW6OwZ3kAk8Vn0QeNiojLok8kOGs55vE
|
||||||
SRqFBVYU+00cpzF+yE589J2h3PvNLpO/u2C9J5rrmmvTp9WRnvJnzW+Y521ZPQAJ
|
jlVBnm0tFjALwAfy6H0EOvZcolOdq3+E7j1abgR+yC5RaorwR4rkslpYHsBs9J8Z
|
||||||
XrZhPjnaDkE=
|
DYAMMrBG2A0=
|
||||||
=P5CG
|
=wybq
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
||||||
- created_at: "2024-10-18T23:02:46Z"
|
- created_at: "2024-08-03T21:27:12Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
-----BEGIN PGP MESSAGE-----
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ//W/yyW7xw283FVjRldWn0DcdYmU59yL4qxFyuWWRfFTng
|
hQIMAy5t8IMoPu4VARAAhMkGlwiYmzonAe4DD9dOn0GkD97bR7fhq9Un+EAjJx73
|
||||||
kfGc+9DkPdCBwWKQsRzc3sm8b4hU6dRL2BTRysUwc2V6QDkjGZsR/jhpBtNjB9y3
|
F7KAP35VdYoa2iZT1Zbv0IJSBcqKfSgaWMpPqzJNq5FKqvYdyytAV/CSybgODtn0
|
||||||
FbyB3KKyCOl89ADJBY+WgBuqUlHdlqyTlPDCNIQfFngiFGNQd3LZ/6fToo8ZeA3A
|
zZUfLsPu8C1yD7e4TiJcL2ABlll5yU/HwYBJm4rqEl0TO/ogXd4Tj05aDRkYtiDz
|
||||||
jLQA/ZB4t0umccc1O2tyG6j5/UjtSyfUrHyMahDEZ9umwsJ/xmTxT/cHVJA3tYr6
|
TLLgmNEeq9Z35ir/8Od8WtdjhCVq9RRe2NnE+PT2B+EbT5GFq2kYCxUbdRP8FjFA
|
||||||
WAo2ZD9qJxB8knYM175E9g+4I1ZI8xrTDuXOecxXW4zLELH0RyPxNkAwCGI2L+fH
|
81RXxbRGm4coBt6ReGBaMr38PTI7wPcJ8JqecAyuX4jjMn8CWi3DIIlHz9cTmyFo
|
||||||
7CZvgxRjmsgGXK7Y7fg4mj4YLqkKkuiReUIU4DACdkVlKHTD+rkHynnOJGqn7FYA
|
HLpdM7K8iYGvTk0LJMQHlUbPSvXLlBUk/WXHZyTR2cmiS3mzVKA/zffNjCpUIAF6
|
||||||
D107J94rZpXZTsbpu+Sp93fzbac4tmSZmXDcfY5aYQ9hdvX+/MkInfmcpMVoYmIm
|
8EsyKBfXxMKT28q9d8D/rWrAMHjKYlEL0QxCdw036FN6mwn4d4auDG56FC71+FvG
|
||||||
2xghVNii1MUqaGtvsLgXdbIGoCH6ylQA6eCWOjBISFkGgzQQKykV7PxA7QjluY35
|
wOJxbuviOgok6NZfWKqx0IGXcOQMcL/bCkRtdiUux4WVyj8OgJZJ74gqgK5LEDzD
|
||||||
0+vJfHCHriqee6KTJVGoKfgFswZYGsD/tfV4llQLQg8gmdBblBWizEp4JhRI0ZUn
|
lg3vHQYMqD45i3ig8rfhiK4fKOAIa4QDNXbyWqt9oCh3OwBnNSte2hc9b3szrSqN
|
||||||
iC5AJ9KJAmDImS/tS1hmlFBrWOFSm5NkfwYBZ8A9lKnfX7TcY1Cx5ixeNjKOHINr
|
g0X3eDwuI2EA1qc+Y4PJuz0fXWZBDT39AA99Ruv7v4BvnzvC8DaUlebL7Ky4/dnp
|
||||||
zyhDvVgokewAc8/ggI0yE7QS4ekaeYcp9ezycSlL5/aUaNgf4EGBI/p3yG7Xwa/U
|
279MToEiE8yFGx4GVhNKR1jSez7I+UoalIkq3vvW91jZIeE790EGxrkT1Gp6lITU
|
||||||
aAEJAhBONeevknrsrKbLCNpr1qIfR49r22EFRNTkk9HKbrau9VZTG7eQRZN1UglG
|
aAEJAhDyOpEoEYc0/XA8uq9BY9bNUshm9ZVS1Kg00im0LE4jxLG0n2Nr2k1NNlv2
|
||||||
btfE/KdfUcz5+YnroPF3Dc5Qpjwzzi4SYLUgOwITBvzOfxkRg2MWqlUza5C+Qjgm
|
tF/5bV0D3CCSzc6CVUSqlvBJ18XYw1gpCuBJsY1ylU8IKbZEXNuwCsJJNleSCsQJ
|
||||||
ueCa0/OcMKbb
|
8mGx07XqhVal
|
||||||
=FxSv
|
=aq7o
|
||||||
-----END PGP MESSAGE-----
|
-----END PGP MESSAGE-----
|
||||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
encrypted_regex: ^(data|stringData)$
|
encrypted_regex: ^(data|stringData)$
|
||||||
version: 3.9.1
|
version: 3.8.1
|
||||||
|
|
|
@ -1,25 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
|
|
||||||
apiVersion: volsync.backube/v1alpha1
|
|
||||||
kind: ReplicationSource
|
|
||||||
metadata:
|
|
||||||
name: "${APP}-b2"
|
|
||||||
spec:
|
|
||||||
sourcePVC: "${APP}"
|
|
||||||
trigger:
|
|
||||||
schedule: "0 0 * * *"
|
|
||||||
restic:
|
|
||||||
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
|
|
||||||
pruneIntervalDays: 7
|
|
||||||
repository: "${APP}-volsync-b2-secret"
|
|
||||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-zfs-mainpool}"
|
|
||||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
|
||||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
|
|
||||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs-mainpool}"
|
|
||||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
moverSecurityContext:
|
|
||||||
runAsUser: 10000
|
|
||||||
runAsGroup: 10000
|
|
||||||
fsGroup: 10000
|
|
||||||
retain:
|
|
||||||
daily: 7
|
|
|
@ -1,74 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: ${APP}-volsync-b2-secret
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
RESTIC_REPOSITORY: ENC[AES256_GCM,data:FgWKr+aNrb73J1m89nSL0mZ15c7sqI8+Zsc6PsfNccNx2N+ZAlEsSlyl4YgOKgKO6CI0CVglkA==,iv:uLqzK+5jfF3g/2jDFf7uSXudnAydfRTI9UhQxfBwIbQ=,tag:JMnC7YnuaLqWbGgXXjmHbg==,type:str]
|
|
||||||
RESTIC_PASSWORD: ENC[AES256_GCM,data:KFVHg1tT6o7TvifVT/RWPdbbtSh6WoIx68eGQ8uuGRE=,iv:XRJ2iQWrcLELy+2ACcJi2IDV16L6yA7qBhk1xmU+y8c=,tag:FpkUCPMlY9+GEvBwWvfn0g==,type:str]
|
|
||||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:Cl2VoK3FKQdbmYX6CZrSTZBLHMIgR/6HtQ==,iv:CsW/T56z2tn+VLzWItTmm0QfvrztBNrVUvzF3+0thbk=,tag:ADDMdb6EYFzGCNCPomOa1A==,type:str]
|
|
||||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:+LbMKuEQGY2926sq726xeRpLlM07BGAMiPeT7HLEPw==,iv:C/mEPP2xsQI72AGtKjaCEHdYAC898QbB3wUpIcomN1U=,tag:pRF2oYFythF7b/WwysEjZg==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2024-10-17T01:29:44Z"
|
|
||||||
mac: ENC[AES256_GCM,data:i5zvyCogUkQiFGKvVjh5w5fzoZTBhZRlbiTq8MhWdD3UB8Bdi8gUd2RIk2cti2rpGq+iOPowpquIGVnItirES07MQ0cW9cnS7Lntp6cNerv7mi5SV8qhAvX+43qnDsvLWfxKI/UYyEc84Z0GCT66EdlWhTk/jGrTrYuF1CLaVo0=,iv:XbFwq3GBEMxBWoJNHUxD53ws5TCpCpzclpcBGzSm7Hk=,tag:Uwmfd+Kxeihm0XSRfbM27g==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2024-10-17T01:29:44Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAARAAjTJUSRR9PHp8bSVXA+TgBgV8XcqW1R0T093FTCiHJR52
|
|
||||||
onK9p+nJ/z+FeG26wpWpoc5VoaV5vgHY5MMX6t9EMXU99XPdnLOX3myOSF4UHo8P
|
|
||||||
YG8eXuOJL2IXu6Ch58Y2W0ua++heep/bLBua8oIHDqFZyuFcmo1U2NdtrpfEyGXf
|
|
||||||
8uQmUYuCHwigYWbKYqzCBIZwOpRV09tLF4Xwm9f8bEVCJv09k4befiJS6mlgjKHY
|
|
||||||
9VzUA/Zn/ZC7iD/MuMG+Rd6yEE6DMxcBahM/bmFKKJ5S4Sax0Ij31xR1jh5jZ06z
|
|
||||||
AdmVz9iGcjAVcC91nsZcBttXMwCNAn0WvWRcTG5SgJQ0U0LdTp4Gnjf36zDOpqOp
|
|
||||||
5NgTXptL1bb16EOeC/uHjq35MvPxMfUzkogkwv1P9J9Q2NaGR337N4GwTpKPNa9A
|
|
||||||
j3C1j4WPSs7/N2OeeUr+KDcHFCk7vvSWblQcZ0JtErA0XsSzYWwfahKHt32fomTZ
|
|
||||||
ncCb/RvllQfafU1tPLco1JM08wDutTEcO11roVmItaUsuxjj+X8AgLBMnH1ajg2F
|
|
||||||
hbJQ37C4JFUN155VQpvUG3i+jS/aHHgeEagy2AzJoaFtF5/PU7Y14RD/F7YSD26R
|
|
||||||
DTSq2ysghtFXlTWK3BjgoG4nc0IuFyh1x2iae2/Z8HwkDC8o7IhtItzWnqVXQtGF
|
|
||||||
AgwDAAAAAAAAAAABD/9r+6dhOYiAk7V6waMcArG6oQo5vffFI0b1165DmHss/KNg
|
|
||||||
zWX3FMccAi8OscYavxe97ESETXN77Ix2KEz2xbh2cqzgZN0qzqsgpqCR93N5gHKy
|
|
||||||
58ITR0+fUq8xWK/YcSDU099Kj7M8GL5rVl00a6AFpJOni21/cbBusRlSP0tBlgnO
|
|
||||||
VgLZqCk3/+i4P53+XSppOR0xjxaXgihPqrOaEwRk5DlJCSHWCUneGIiNJs06KV/D
|
|
||||||
TX0qMkABKw3ljkTzXT8uP5qG5VhrgC00r3DQPs+FZy+O9Fapsbz0z+QTSetsxCzW
|
|
||||||
oNQFu/0fttfbPiMHLyrOx4I04h3Q3vqM6PfJMc/70larlGmpQQf9qANzbDDW5sj8
|
|
||||||
5rvV9JAJ9/YGnAIlOzuEehoY3fmyfDTWwF1aGt8oHjlTKSL9KOh7vPyso/HoCzrt
|
|
||||||
cSpFsxrLdryrSAyb33NLVEQrDCH/WPqnChowwt+1o6OPiHy5R21r9Pt7BWRVX/AS
|
|
||||||
T6DEXXpLicYeJABFT8U+emXLBPo3fMOADLTnH48J4PNlCiWObDGOPBT/4e/n07wf
|
|
||||||
9GidDBEvCDOftOxaK2sGpkJ1ZDFZuDUaizP1Vu1NVl0IVj8r1H8a6C1y7qIEDyST
|
|
||||||
1MH5GrabRX6MfFOjXd0NFmXuPchXxBqwg+ZCuqeSWbVQA6TlJBHE2CY9uQTZa9Ro
|
|
||||||
AQkCEBBUfKvzmguNcG4GxZFeqK15yj2FYFLIS3duuUbaOAz5etAHadtB0z+cBwPt
|
|
||||||
Z5QwxEU/8Uf4JxzMSWyHVirPgxYGd0LWbiV1shiwm81cudQtpSOJeV4wYE1y9rZP
|
|
||||||
uqtwSypCwtA=
|
|
||||||
=Gd8M
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
|
||||||
- created_at: "2024-10-17T01:29:44Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ/+JzeuokOO0qdLb1HmZoNiL17dYHUFGBLqs8td4uNJRhwQ
|
|
||||||
CafrelpvuC0KhpEqxnfmsnBgZkArpzabtQN2VipkI3+bJFnBftyzXr84UTeM8MzX
|
|
||||||
DYs6JNQ4+LujxAN0h1K17wTw9HL2azujfhC+IHmQog7lOg7DlKTIk1NuVfG6u/bt
|
|
||||||
AJYJfwj125UU+eHrAPmg1NBYbPhvqJbEC3FZ94SN8saNSRazU7OdXDHoiz3ZWisS
|
|
||||||
SgDgesTeS+MZev7y1TdlX9XIs4X/4xdaE/DLiwQSB/n53lghyFj8cDu/n2oIh/Uf
|
|
||||||
APmlQ/CPUXXn12RgIb2hZPfdBieiBSekR71iC8ZXptm14BoycTCzX/lN+rYmQbH4
|
|
||||||
GNY7d7IPZUO5+jXXAaTtM7rNS4VsEDILN8aTSgrxNoD1HoeB76po8fvaVNnh/FuA
|
|
||||||
5a8LEDeNMzYwJdWLsnUudtPCofQmFRyM78JLj47Bi0ovhWLeN651sgG8/UEubC3x
|
|
||||||
VMoTDUO+MR6P+YVvla9hGTp2k+3bVjW4nNT4OL7aAflYmbGAGlLmRjeLV5HmEMr3
|
|
||||||
ftYSdIg337Kj+Aw7mpUuFXKCn8hAbxIWjyeA/L0xEhnlygBVCeRCWyABmdztXYyg
|
|
||||||
1732VWWiT3wyMY6QWPL9fyVNKv0rNl+76xwzbbtiXtTVZuL2OEqlse4rXzxbbZvU
|
|
||||||
aAEJAhDflMnNROqHuqiqOmm85rN/Hkdunmt60dq3fz8ROhNJwD8MN1sMYcSZAe+B
|
|
||||||
LlP/sYD2M0Vt8aLN041GstmIfq2p5hAMMKPnmo+IxHfoGUnVi0UbNbOF2lyRm1XT
|
|
||||||
C0IsI8I1ccHR
|
|
||||||
=KrSe
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.9.1
|
|
|
@ -1,9 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- ./backup-creds.sops.yaml
|
|
||||||
- ./minio-creds.sops.yaml
|
|
||||||
- ./pvc.yaml
|
|
||||||
- ./minio.yaml
|
|
||||||
- ./b2.yaml
|
|
|
@ -1,74 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: ${APP}-volsync-secret
|
|
||||||
type: Opaque
|
|
||||||
stringData:
|
|
||||||
RESTIC_REPOSITORY: ENC[AES256_GCM,data:JQZci/kqmOyRURSMmPBJqrzaJN0xti+BZVgbcgHC9axiq0qoNrumJHGL8+ffyd7q,iv:nG1cokfJKkmmMuwch64KxQ4/eG6OE76pypQFqUDf650=,tag:xr3DhMBsWFf2cjrPLRC1AA==,type:str]
|
|
||||||
RESTIC_PASSWORD: ENC[AES256_GCM,data:9IOyIGO6TCoeRserdXs6V1vnTBI2n65ChqpBECgX5Kc=,iv:GCwhW9pFAx8GwvxvR81s3+Ippt7YPYVSSVuFmKMjjdU=,tag:YytjzuPbkU+Gh0h67eS76A==,type:str]
|
|
||||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:MjXpPFMdpxyZdg/sHhp50g==,iv:r5bHD7usqnY3M1jn40CG79ed6eOiLRJaCNHDGyixJ2E=,tag:pFRELVZmsS9/HztqAuDc8g==,type:str]
|
|
||||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:6ZQwXEXSyMQGZmnf4zEVyCzeWIZKoshheIgu2WLmDeU=,iv:+ETwZmOJaDlH7CC+zNQc1NqbOfoVV+jT5zPEP2cCA0Y=,tag:l1V2LHN0RgeMSImga5zDaQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2024-10-17T01:29:50Z"
|
|
||||||
mac: ENC[AES256_GCM,data:6acDu36pbKhN3j2k4XkOU1zPlT1tGWOxwtyPKEDWLu1FMvL5Sk/xdJh8OT0MqNsgagO2bk0kvgHh3YhM3NErXalJx0HSwCUOKpHikN2OMQg02X+u2zUMRMsOblkzZWfY6XWAQD0PWxpnAV9ndVtB68gPCN5lX3Ios1n0zzqhFNk=,iv:QIlc3hiCsrQdM0LBBVqYau9QBJxVyArG1o2+3F6NgLA=,tag:wqaWWnLRthJAqfRKyl401w==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2024-10-17T01:29:50Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAARAAxDMPYaG4/Vq1UZnM2yx9QXu6D2ZlnAg3/A0xu8rbbise
|
|
||||||
YPc+PEIjvzXoQE7sFmcLCjPDWU23Mj5jMxq9QLt05cpt9EGMyvcGEqmYEcZFYalI
|
|
||||||
ROgc0rQwg57hkqA6JJRExtJUfqB5MQSS7BqkCtrUvvxZNq340l3oBzLXBmE9vS7C
|
|
||||||
JYqiNx8eJfv7AcVow5/R8kiFBCqI9VhOMr8VxNLcX5iA/pdL3HaQXph0LN3FvBmF
|
|
||||||
cPLHdooHODgR77ucYiVZT+pT5weSLJ4NND8VgAw8oN2vJ3xCu4G2xIcWq3q4u9SR
|
|
||||||
t3brI9qZcxN50PcJhNmRQVDLm3zXWoHTJ8/40KgTn1luRx+VaQTSzxjCe+KComdD
|
|
||||||
mFnma1lWIyji7JkCe5Mro5YVocInZrNACdVHmE/tl5qhSM4Qv1OBfTPYeMoW852z
|
|
||||||
7oKxgnfluKqkNjnWDL6yCaHvpJFDbYz3wqfa2D+Ci0t6BNp7vA0qWTxRqGzXVKc9
|
|
||||||
YRz1QE1AIoQ8Y93UVJe6JBODgbtZ11FuEJsIJIeB3SXF9nzP5n+jsP/G5kA5P5vj
|
|
||||||
IfwMTblIZ3dov0uZXhg6a3aSAGn2VcGLoxvK/I96c2VYvY9LAA4KJz9R8wDTagFg
|
|
||||||
+HEe3BgXkgrnNVD58NLpYOBbch+hDuqkuGh+a5qqFZ3h2yySwEWy+6bcnqG8yQWF
|
|
||||||
AgwDAAAAAAAAAAABEACYFHrG0SrtyiykAqyf/dMPZ35fyI7aHfr4ABZNMC71Kulu
|
|
||||||
haAqOYWgkhpjQvTe9PqMI6EtEJGya0iVkTtNLV0O2B1/8apXz298xxaR7S5JPpAI
|
|
||||||
+GKjugAB9atRnf69FkN58PNcL8TJpNsrR3CiOX6Bbjc5DCkQMpDIgny9mO3mwlHa
|
|
||||||
xvaS9o3DYgo9UvKWptvpiJKC8ve47eX/cQmUZjPMpUGUYpUGSeK8oJGQl4hgAnC2
|
|
||||||
pXz89ZTM0rTp/YW123wO4OPvJ4lMpitzG73Gbmd1vUOk+5IpVaI+q6a0VYXVeAEU
|
|
||||||
ol+l84h5jhNSR38sYfTD9fCzXvK/49sBhf7kWG+pH6dnmpO/hqXMXOREXlnkC10m
|
|
||||||
uU5LieRX0otYgiPs9pMCSLRSa1my8UsHNdM6eVMsn0+Ji7UFoIYAnq79cdVeKDHN
|
|
||||||
Q5YNF+i1cKPnNarIU4XOqVny7t2YE7B01j3PDYbrp3W5yMAoAF4j9uQ8h7XEX7y4
|
|
||||||
SlKO8HYcuYTIWcTm+L8FTZMVrQS2cn9HnyZfCxHHD4vbmxAO6hmWodAJv1rFBLYj
|
|
||||||
yO/4L/MyEVCSnE94vUudR79oQ+6qJOWZypfCPiqn2HVDiHvmbf/Iwc1v+v/GZkFX
|
|
||||||
6wTqkJ8oi4nGuFU0AfYJG6ENEEmz1dpvnXLIy9vDWq98vrBPFrqOnrTgd6eQQNRo
|
|
||||||
AQkCEHVlPi7Sn/dhXhcIgGiQzV45MPoo47FSQ+AjjPh6tzIZPj2dcDDdM7TBYGsF
|
|
||||||
KEknmv9JOX+Web9E9O+n9uJY6RM5zWsf1JNJ5EGMYgQ54wwgoO3DRs6ikg1Bfozb
|
|
||||||
rXV9iM2Pens=
|
|
||||||
=jPuh
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
|
||||||
- created_at: "2024-10-17T01:29:50Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ/9EfpjOanGUTYg4qCnwmykiGcEqVmGSj9+aJ4PdrPcLuqe
|
|
||||||
IiZavUGQXhh9kviR8oRRXzwpQeyWQmYNdeKjL1f1sj635I0e+quSh5Y21UsBjYHm
|
|
||||||
EP2JnmTlDAWYL02FKrZ9OqSfeoI2tdObWjBzC5cDnUiIbJ40abuFcI3wtNqx8MZf
|
|
||||||
x4V9j17FYejDIRIShSzm95TfVbcadX6BAsDHO7zjpgi7jtpeYtBa/7/s+dHyiPoJ
|
|
||||||
ZWQ2HD4fzRtfiah1sJl9GrvWK+BAyRkbO2C3Ob0nNTWjujWYQkJYhQb4f5DYbMka
|
|
||||||
B481UqDcj1hssTU1w7TmaYl2s8QxwSdfa1yIm4GaRofmKW67MMIynksFRPz40p+5
|
|
||||||
DWAcDoRshY8yi+EvSMUA0h2pstGo0kV1zqYwkDN1Gl2/D5zn2SnkbKuytLAzjUTe
|
|
||||||
sxWf1TTqXF4bvfVGIo+It6saIfMOKtUeIxnwbc+6lb95Ah9YEaMY5RtAmEgMF6m7
|
|
||||||
+c4+NyGCJ/A2E26pLDOWf1TwbomlqwR3ertq744hLgOja23DJgMhZDfSWjjwVj79
|
|
||||||
vDj9E5/3HRNOrC/J0HTaqq6wxh5LD8jY/INNi3+BDWWiQ3YJ4c7kjwgrwp297PiS
|
|
||||||
QtRQel3QIlrdpQSydDs3mhWs1RMPiCzkjatq0eQVvl/zkxlw1qpbslPEpOR8JI3U
|
|
||||||
aAEJAhDMV7aqU+viKvHsxGgEEDyfd2Mj1/FQtE5OA5+9GL/Y42AyV4fFct2bdhTO
|
|
||||||
+e1Ry5EE7Y8PMK9/HAjn78XY4hkqf8wIPaooL8Poq6Lq9Ylt+KVq80IFYgS8LXOS
|
|
||||||
nYrbk7kpGaUp
|
|
||||||
=n3YG
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.9.1
|
|
|
@ -1,51 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationsource_v1alpha1.json
|
|
||||||
apiVersion: volsync.backube/v1alpha1
|
|
||||||
kind: ReplicationSource
|
|
||||||
metadata:
|
|
||||||
name: "${APP}"
|
|
||||||
spec:
|
|
||||||
sourcePVC: "${APP}"
|
|
||||||
trigger:
|
|
||||||
schedule: "0 * * * *"
|
|
||||||
restic:
|
|
||||||
copyMethod: "${VOLSYNC_COPYMETHOD:-Snapshot}"
|
|
||||||
pruneIntervalDays: 7
|
|
||||||
repository: "${APP}-volsync-secret"
|
|
||||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-zfs-mainpool}"
|
|
||||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-4Gi}"
|
|
||||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
|
|
||||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs-mainpool}"
|
|
||||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
moverSecurityContext:
|
|
||||||
runAsUser: 10000
|
|
||||||
runAsGroup: 10000
|
|
||||||
fsGroup: 10000
|
|
||||||
retain:
|
|
||||||
hourly: 24
|
|
||||||
daily: 7
|
|
||||||
weekly: 5
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/volsync.backube/replicationdestination_v1alpha1.json
|
|
||||||
apiVersion: volsync.backube/v1alpha1
|
|
||||||
kind: ReplicationDestination
|
|
||||||
metadata:
|
|
||||||
name: "${APP}-dst"
|
|
||||||
spec:
|
|
||||||
trigger:
|
|
||||||
manual: restore-once
|
|
||||||
restic:
|
|
||||||
repository: "${APP}-volsync-secret"
|
|
||||||
copyMethod: Snapshot # must be Snapshot
|
|
||||||
volumeSnapshotClassName: "${VOLSYNC_SNAPSHOTCLASS:-zfs-mainpool}"
|
|
||||||
cacheStorageClassName: "${VOLSYNC_CACHE_SNAPSHOTCLASS:-mainpool-hostpath}"
|
|
||||||
cacheAccessModes: ["${VOLSYNC_CACHE_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
cacheCapacity: "${VOLSYNC_CACHE_CAPACITY:-8Gi}"
|
|
||||||
storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs-mainpool}"
|
|
||||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
capacity: "${VOLSYNC_CAPACITY}"
|
|
||||||
# moverSecurityContext:
|
|
||||||
# runAsUser: 10000
|
|
||||||
# runAsGroup: 10000
|
|
||||||
# fsGroup: 10000
|
|
|
@ -1,14 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: "${APP}"
|
|
||||||
spec:
|
|
||||||
accessModes: ["${VOLSYNC_ACCESSMODES:-ReadWriteOnce}"]
|
|
||||||
dataSourceRef:
|
|
||||||
kind: ReplicationDestination
|
|
||||||
apiGroup: volsync.backube
|
|
||||||
name: "${APP}-dst"
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: "${VOLSYNC_CAPACITY}"
|
|
||||||
storageClassName: "${VOLSYNC_STORAGECLASS:-openebs-zfs-mainpool}"
|
|
|
@ -1,4 +1,3 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
kind: HelmRelease
|
kind: HelmRelease
|
||||||
metadata:
|
metadata:
|
||||||
|
@ -16,9 +15,6 @@ spec:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: authentik-charts
|
name: authentik-charts
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
dependsOn:
|
|
||||||
- name: redis
|
|
||||||
namespace: database
|
|
||||||
values:
|
values:
|
||||||
global:
|
global:
|
||||||
env:
|
env:
|
||||||
|
@ -88,7 +84,7 @@ spec:
|
||||||
enabled: true
|
enabled: true
|
||||||
environment: "k3s"
|
environment: "k3s"
|
||||||
postgresql:
|
postgresql:
|
||||||
host: "postgres16-rw.database.svc"
|
host: "postgresql.database"
|
||||||
name: "authentik" # database name
|
name: "authentik" # database name
|
||||||
user: "authentik"
|
user: "authentik"
|
||||||
redis:
|
redis:
|
|
@ -1,26 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: authentik
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
path: ./kubernetes/main/apps/authentik/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: cloudnative-pg-cluster
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
|
@ -3,7 +3,7 @@ kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./namespace.yaml
|
- ./namespace.yaml
|
||||||
#- ./network_policy.yaml
|
#- ./network_policy.yaml
|
||||||
- ./postgresql/ks.yaml
|
- ./postgresql
|
||||||
- ./redis
|
- ./redis
|
||||||
- ./minio
|
- ./minio
|
||||||
- ./mysql
|
- ./mysql
|
|
@ -1,37 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: cloudnative-pg
|
|
||||||
namespace: database
|
|
||||||
spec:
|
|
||||||
interval: 30m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: cloudnative-pg
|
|
||||||
version: 0.22.0
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: cloudnative-pg
|
|
||||||
namespace: flux-system
|
|
||||||
install:
|
|
||||||
remediation:
|
|
||||||
retries: 3
|
|
||||||
upgrade:
|
|
||||||
cleanupOnFail: true
|
|
||||||
remediation:
|
|
||||||
strategy: rollback
|
|
||||||
retries: 3
|
|
||||||
dependsOn:
|
|
||||||
- name: minio
|
|
||||||
namespace: database
|
|
||||||
- name: openebs
|
|
||||||
namespace: openebs-system
|
|
||||||
values:
|
|
||||||
crds:
|
|
||||||
create: true
|
|
||||||
monitoring:
|
|
||||||
podMonitorEnabled: false
|
|
||||||
grafanaDashboard:
|
|
||||||
create: true
|
|
|
@ -1,8 +0,0 @@
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: cloudnative-pg
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 2h
|
|
||||||
url: https://cloudnative-pg.io/charts
|
|
|
@ -1,76 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: cloudnative-pg-secret
|
|
||||||
namespace: database
|
|
||||||
labels:
|
|
||||||
cnpg.io/reload: "true"
|
|
||||||
stringData:
|
|
||||||
username: ENC[AES256_GCM,data:SZUXJOMnDmI=,iv:huI5AHvtfU6aCo6drbdZxJ2QwOGwKAd4CfSi8WWUQHU=,tag:fIETu/Yyx01raNTnmBt8AA==,type:str]
|
|
||||||
password: ENC[AES256_GCM,data:qlcpDS3RhNtSowFuMYlpL11WdR4tZK9M3eZug9TerA4=,iv:9d7ChBA4VcFRszCm3rfPJSYESK2it/dryK0TetDM2Ns=,tag:Z7EI76aBEltrUym/T8MuiA==,type:str]
|
|
||||||
minioAccessKey: ENC[AES256_GCM,data:CsmN8wuSLLOtiA0PWeaWuw==,iv:oRNB1nhRPH7fRf98exEZ7lGSpvqVRx4l+tQyjPU2rog=,tag:Gx9SRd2UnHNgBiVtalrHAA==,type:str]
|
|
||||||
minioSecretKey: ENC[AES256_GCM,data:gW5lUoSY2oTLhczB0CySIOadmrltk+zMpYJ6XPRQmtI=,iv:NfnjIwfILvCS99tUdHbCvJwztNPpT8ne4oAg4yOjgFM=,tag:kC6EKVPCGbQxwKySjkgYhw==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2024-10-16T23:46:50Z"
|
|
||||||
mac: ENC[AES256_GCM,data:1j9tp3Z30k3LC40djCriXYr78LLmSAUkssqBJgk/RKDt6eHbBPwtUhzmLewF8dSxo2shLl/jzKPCsL8HP+kHSvL9bCtrgDBnIEJabGISAHDTDBXkLB+uzVlfx0diDbX0fpZZNBSPCzFHYiebGqY1scUVsN1sBOPxUNrbIi9iKro=,iv:rYsu3+KPmuXBAp/ciYmojj3LEBL8F6PjwXQ1pmJVm5c=,tag:d3r+p29s4POVhCKeAal1cg==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2024-10-16T23:46:50Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ/8CSIYw9BE0BxpPpMtJ9xK6xTHIuWnlWAOwhugvLal6i5T
|
|
||||||
xPFPfRH0uJp9fhayw//pvGz+4JaoqjcHymxEVtqWhAlFRo1WZdllAx97svKySZpC
|
|
||||||
WxtpEZhur1iwaylKLUinxaltGxumIGD6pGw8VowlyFic944SKqgJAfM8myuddnAk
|
|
||||||
waWX8H4coSBFLOcsEavieKhOOrsd6D3ppzKNtvYFOb4BAy3YyJHkfw3N1zkraw2L
|
|
||||||
D5kdBBugLITYpZX8Iqj/UiOAOn05Xgy31p2XjsX0c3JGm5oCcwf+u3BgrVyHvYXN
|
|
||||||
Z2k7j8e5FbjaxOcBzS0rrrHM+yJahJfQOyCL4A7guISBlLYaJ+BHh3qg4kxhtCau
|
|
||||||
jHKjglj1Jz50xY9hnH/+UK9jhCMActmZmAQg45hTDynGr6NsOPr43Q6XoUoGUB6X
|
|
||||||
WbamAIbEnM9u6/Ve6MUkCxMBlA45pQc72v6j4p40aZDqoNWp0PTr4BcYfYvgJafq
|
|
||||||
MIzxI431+l5x4MAw4ZC14tvhKJX6wNqujn7ZZW8qFAixQwIBuZcogh8YrcLGqHEo
|
|
||||||
iTbrg2xRnT9C3npm+gQsk80h78sHyPlm0P9EAOCWjnRSZeixSjly9htn5sIKBS+O
|
|
||||||
yxWfQVDlplYv5V10roKxbfCzMIzHEeayyUaAQib0Z5RsYZfQkemT7zE/U8DftK+F
|
|
||||||
AgwDAAAAAAAAAAABEACy1DQRnTKLAY8UzS6xRQrauc82a6VzW5TDfiMGiXDZKa+y
|
|
||||||
9mij9kY7n+727YFZqZiUfEUpOL3pArj+I3PDSv2viPLWo0+1mN4stLt9SwMt+F0m
|
|
||||||
5DuoTCslrJpupoFxrw+N1uzI0c6UZtYFP5c2iLy3JLPlbCCAdbB6vLqDDaXko8J/
|
|
||||||
Mf/i5H5Q1Qqfa33NbdfeDkVU6yN+QlbFK3P42FkddUwfKHc7hBn0XpkwheCR+WIj
|
|
||||||
ocntnX6ksgbbZQmiISWIfBRbxDQaKQ+OIW72OxAY5g6/E2+mIOMraV2YC7zfT/aO
|
|
||||||
zARTjdoV+hknKlv788i4JBN569YligYo3BB/j6YAczp0V5KvF/4RmcDQYGXIWSjG
|
|
||||||
9kevuO/5uD82aQCkXkmrjyeNsBUQAFxjTU/ULxanMzud3bcistbejrGkfunuYune
|
|
||||||
bnPlMDwjd0Wnxv05fmaJ05K5W35ngLCa+7bsoTdqi4KLmWe/OQDOkbRL7awRfEXA
|
|
||||||
J2JqCiPfZeC+VxM+ysMIYMvpaTyQ+LXNbRRYpMXlHRlqkU2WXeM5vKwj0wqivQ30
|
|
||||||
mmffcBpTFBspHjO1Gz4asrZnoKh9IiPK/qtoi0EEKXQAPFV8AQcN7gtzCSUpASq6
|
|
||||||
mkL+uhjeRd8UjQZnGrZnhNOkQuwiM/pvoAODz5NgNgi5NBTnsgvi4rtXopiTytRm
|
|
||||||
AQkCEMbcxdunAlkuYk3TYUGstkww6uVItWY+9pgipjTEhXXDXdNvjpler7793AJj
|
|
||||||
1XSt0W1FGnpJUYMrhnMFgUAdDh+pCXkKnyk8bR6OlEnoDlR6AZqlqtcYUn8lIRq5
|
|
||||||
dXeV4tC4
|
|
||||||
=xH0Y
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
|
||||||
- created_at: "2024-10-16T23:46:50Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ/+Im71eAhkMXAiemDau+TBGU3DEsw9LrdmOPvODknhmUF5
|
|
||||||
kONOLSDoN9C4F36iGhFrnAFBa/Z/y3wgZdzgSdFZaXjZyja9aRzwu0eC5jfniR/6
|
|
||||||
r8MFHwP0OA9Vi66Iin77fzpl9bK7W/XY+KHtI6a6rxcGYcp8cqeeIRqUco8jPUpx
|
|
||||||
gTwaYyi3C/vzLdZhljQw/5TR8HN11P/pvDu4SGDhNMMEEZi3AphimExrbD9efXFJ
|
|
||||||
QYVvMlgN0X+CqVHmeyasXnsR9dcMoJXxz054BsPiRkJVPPQOR7+1lRu3h3gVfvym
|
|
||||||
ZzgMikmZArI+lUVXwppNHPRj9fVpqTq7GBuUrwdOCU9crXx/vi4+M20ocesRaV58
|
|
||||||
bZqzyV92fN8YeqLRkpHm3Mlf8HK9L/Rk4tdpD2MtL29uUlu8wEecLW0dLXx8QoLG
|
|
||||||
h+m9XOqFHssmCRY5QxHhtzk5BclE3X8iYZRns43puMC3ZZwdINqE8t9FOMJ0lZJq
|
|
||||||
Q2mzkpyo3ozCh8gKOOAO1McjVGdoqURSngbQgGmmX+qBBcSuHv03134aEq4aqYkB
|
|
||||||
F7g+9dbacs1MphuN5CaMRhOMY7v87KOQKtziVK4DcX1AsR8EoGc9TzNa1h/7jJ2Y
|
|
||||||
gfA0Mg1kAYdm9973o6PHV7fpJ/AS6xqvma9N6SaQJtyiqquXFU7Fuf0hNEsI1+TU
|
|
||||||
ZgEJAhCImWzfnwav7b6R9xzAYrwkkKhrHA4B4cG8XzvZfmWOEMvWkr+CaOppbVxJ
|
|
||||||
zg0KInkWzw0RU/NVx3bTrKOXwv4Q8vlswFaioA+eDkYEcMtqAiT3LEvhF5Ueqi6d
|
|
||||||
BhnMEZd1cw==
|
|
||||||
=txQ7
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.9.1
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: cert-manager.io/v1
|
||||||
|
kind: Certificate
|
||||||
|
metadata:
|
||||||
|
name: postgres-cert
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
secretName: postgres-cert
|
||||||
|
|
||||||
|
duration: 2160h # 90d
|
||||||
|
renewBefore: 360h # 15d
|
||||||
|
|
||||||
|
issuerRef:
|
||||||
|
name: ca-issuer
|
||||||
|
kind: ClusterIssuer
|
||||||
|
|
||||||
|
dnsNames:
|
||||||
|
- postgresql.database
|
|
@ -1,83 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/cluster_v1.json
|
|
||||||
apiVersion: postgresql.cnpg.io/v1
|
|
||||||
kind: Cluster
|
|
||||||
metadata:
|
|
||||||
name: postgres16
|
|
||||||
namespace: database
|
|
||||||
spec:
|
|
||||||
instances: 3
|
|
||||||
imageName: ghcr.io/cloudnative-pg/postgresql:16.4-28
|
|
||||||
primaryUpdateStrategy: unsupervised
|
|
||||||
storage:
|
|
||||||
size: 20Gi
|
|
||||||
storageClass: openebs-zfs-mainpool
|
|
||||||
superuserSecret:
|
|
||||||
name: cloudnative-pg-secret
|
|
||||||
enableSuperuserAccess: true
|
|
||||||
postgresql:
|
|
||||||
parameters:
|
|
||||||
max_connections: "400"
|
|
||||||
shared_buffers: 256MB
|
|
||||||
nodeMaintenanceWindow:
|
|
||||||
inProgress: false
|
|
||||||
reusePVC: true
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 500m
|
|
||||||
limits:
|
|
||||||
memory: 4Gi
|
|
||||||
monitoring:
|
|
||||||
enablePodMonitor: true
|
|
||||||
backup:
|
|
||||||
retentionPolicy: 30d
|
|
||||||
barmanObjectStore: &barmanObjectStore
|
|
||||||
data:
|
|
||||||
compression: bzip2
|
|
||||||
wal:
|
|
||||||
compression: bzip2
|
|
||||||
maxParallel: 8
|
|
||||||
destinationPath: s3://cloudnative-pg/
|
|
||||||
endpointURL: http://minio.database.svc:9000
|
|
||||||
# Note: serverName version needs to be inclemented
|
|
||||||
# when recovering from an existing cnpg cluster
|
|
||||||
serverName: ¤tCluster postgres16-v2
|
|
||||||
s3Credentials:
|
|
||||||
accessKeyId:
|
|
||||||
name: cloudnative-pg-secret
|
|
||||||
key: minioAccessKey
|
|
||||||
secretAccessKey:
|
|
||||||
name: cloudnative-pg-secret
|
|
||||||
key: minioSecretKey
|
|
||||||
|
|
||||||
# Note: previousCluster needs to be set to the name of the previous
|
|
||||||
# cluster when recovering from an existing cnpg cluster
|
|
||||||
bootstrap:
|
|
||||||
recovery:
|
|
||||||
source: &previousCluster postgres16-v1
|
|
||||||
# initdb:
|
|
||||||
# import:
|
|
||||||
# type: monolith
|
|
||||||
# databases:
|
|
||||||
# - "*"
|
|
||||||
# roles:
|
|
||||||
# - "*"
|
|
||||||
# source:
|
|
||||||
# externalCluster: old-cluster
|
|
||||||
|
|
||||||
# Note: externalClusters is needed when recovering from an existing cnpg cluster
|
|
||||||
externalClusters:
|
|
||||||
- name: *previousCluster
|
|
||||||
barmanObjectStore:
|
|
||||||
<<: *barmanObjectStore
|
|
||||||
serverName: *previousCluster
|
|
||||||
# - name: old-cluster
|
|
||||||
# connectionParameters:
|
|
||||||
# # Use the correct IP or host name for the source database
|
|
||||||
# host: postgresql.database.svc
|
|
||||||
# user: postgres
|
|
||||||
# dbname: postgres
|
|
||||||
# #sslmode: require
|
|
||||||
# password:
|
|
||||||
# name: cloudnative-pg-secret
|
|
||||||
# key: password
|
|
|
@ -1,8 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
|
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- ./cluster16.yaml
|
|
||||||
- ./scheduledbackup.yaml
|
|
||||||
- ./prometheusrule.yaml
|
|
|
@ -1,74 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/monitoring.coreos.com/prometheusrule_v1.json
|
|
||||||
apiVersion: monitoring.coreos.com/v1
|
|
||||||
kind: PrometheusRule
|
|
||||||
metadata:
|
|
||||||
name: cloudnative-pg-rules
|
|
||||||
namespace: database
|
|
||||||
spec:
|
|
||||||
groups:
|
|
||||||
- name: cloudnative-pg.rules
|
|
||||||
rules:
|
|
||||||
- alert: LongRunningTransaction
|
|
||||||
annotations:
|
|
||||||
description: Pod {{ $labels.pod }} is taking more than 5 minutes (300 seconds) for a query.
|
|
||||||
summary: A query is taking longer than 5 minutes.
|
|
||||||
expr: |-
|
|
||||||
cnpg_backends_max_tx_duration_seconds > 300
|
|
||||||
for: 1m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
- alert: BackendsWaiting
|
|
||||||
annotations:
|
|
||||||
description: Pod {{ $labels.pod }} has been waiting for longer than 5 minutes
|
|
||||||
summary: If a backend is waiting for longer than 5 minutes
|
|
||||||
expr: |-
|
|
||||||
cnpg_backends_waiting_total > 300
|
|
||||||
for: 1m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
- alert: PGDatabase
|
|
||||||
annotations:
|
|
||||||
description: Over 300,000,000 transactions from frozen xid on pod {{ $labels.pod }}
|
|
||||||
summary: Number of transactions from the frozen XID to the current one
|
|
||||||
expr: |-
|
|
||||||
cnpg_pg_database_xid_age > 300000000
|
|
||||||
for: 1m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
- alert: PGReplication
|
|
||||||
annotations:
|
|
||||||
description: Standby is lagging behind by over 300 seconds (5 minutes)
|
|
||||||
summary: The standby is lagging behind the primary
|
|
||||||
expr: |-
|
|
||||||
cnpg_pg_replication_lag > 300
|
|
||||||
for: 1m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
- alert: LastFailedArchiveTime
|
|
||||||
annotations:
|
|
||||||
description: Archiving failed for {{ $labels.pod }}
|
|
||||||
summary: Checks the last time archiving failed. Will be < 0 when it has not failed.
|
|
||||||
expr: |-
|
|
||||||
(cnpg_pg_stat_archiver_last_failed_time - cnpg_pg_stat_archiver_last_archived_time) > 1
|
|
||||||
for: 1m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
- alert: DatabaseDeadlockConflicts
|
|
||||||
annotations:
|
|
||||||
description: There are over 10 deadlock conflicts in {{ $labels.pod }}
|
|
||||||
summary: Checks the number of database conflicts
|
|
||||||
expr: |-
|
|
||||||
cnpg_pg_stat_database_deadlocks > 10
|
|
||||||
for: 1m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
||||||
- alert: ReplicaFailingReplication
|
|
||||||
annotations:
|
|
||||||
description: Replica {{ $labels.pod }} is failing to replicate
|
|
||||||
summary: Checks if the replica is failing to replicate
|
|
||||||
expr: |-
|
|
||||||
cnpg_pg_replication_in_recovery > cnpg_pg_replication_is_wal_receiver_up
|
|
||||||
for: 1m
|
|
||||||
labels:
|
|
||||||
severity: warning
|
|
|
@ -1,13 +0,0 @@
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/postgresql.cnpg.io/scheduledbackup_v1.json
|
|
||||||
apiVersion: postgresql.cnpg.io/v1
|
|
||||||
kind: ScheduledBackup
|
|
||||||
metadata:
|
|
||||||
name: postgres
|
|
||||||
namespace: database
|
|
||||||
spec:
|
|
||||||
schedule: "@daily"
|
|
||||||
immediate: true
|
|
||||||
backupOwnerReference: self
|
|
||||||
cluster:
|
|
||||||
name: postgres16
|
|
|
@ -0,0 +1,49 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: postgresql
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: postgresql
|
||||||
|
version: 14.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bitnami-charts
|
||||||
|
namespace: flux-system
|
||||||
|
values:
|
||||||
|
auth:
|
||||||
|
existingSecret: "pgsql-secrets"
|
||||||
|
secretKeys:
|
||||||
|
adminPasswordKey: "adminPassword"
|
||||||
|
replicationPasswordKey: "replicationPassword"
|
||||||
|
|
||||||
|
tls:
|
||||||
|
enabled: true
|
||||||
|
certificatesSecret: postgres-cert
|
||||||
|
certFilename: "tls.crt"
|
||||||
|
certKeyFilename: "tls.key"
|
||||||
|
|
||||||
|
serviceMonitor:
|
||||||
|
enabled: true
|
||||||
|
labels:
|
||||||
|
release: kube-prometheus-stack
|
||||||
|
|
||||||
|
volumePermissions:
|
||||||
|
enabled: true
|
||||||
|
|
||||||
|
primary:
|
||||||
|
persistence:
|
||||||
|
existingClaim: "postgresql-pv-claim"
|
||||||
|
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
||||||
|
|
||||||
|
readReplicas:
|
||||||
|
containerSecurityContext:
|
||||||
|
enabled: true
|
||||||
|
runAsUser: 10000
|
||||||
|
|
|
@ -1,57 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: cloudnative-pg
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
path: ./kubernetes/main/apps/database/postgresql/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: cloudnative-pg-cluster
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
path: ./kubernetes/main/apps/database/postgresql/cluster
|
|
||||||
prune: true
|
|
||||||
targetNamespace: database
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
- name: cloudnative-pg
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
|
@ -1,7 +1,8 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./pvc.yaml
|
- ./pgsql-pv.yaml
|
||||||
- ./secret.sops.yaml
|
- ./pgsql.sops.yaml
|
||||||
|
- ./cert.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./sonarr-exportarr-metrics.yaml
|
#- ./pgadmin4
|
|
@ -0,0 +1,47 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: pgadmin4
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: pgadmin4
|
||||||
|
version: "1.29.0"
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: runix-charts
|
||||||
|
namespace: flux-system
|
||||||
|
values:
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
hosts:
|
||||||
|
- host: &host pgadm.${SECRET_NEW_DOMAIN}
|
||||||
|
paths:
|
||||||
|
- path: "/"
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
|
||||||
|
# securityContext:
|
||||||
|
# runAsUser: 10000
|
||||||
|
# runAsGroup: 10000
|
||||||
|
# fsGroup: 10000
|
||||||
|
#
|
||||||
|
# containerSecurityContext:
|
||||||
|
# enabled: true
|
||||||
|
# allowPrivilegeEscalation: false
|
||||||
|
|
||||||
|
# envVarsFromConfigMaps:
|
||||||
|
# - pgadmin4-secret
|
||||||
|
|
||||||
|
persistentVolume:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
volumePermissions:
|
||||||
|
enabled: true
|
|
@ -1,8 +1,8 @@
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
apiVersion: source.toolkit.fluxcd.io/v1
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
metadata:
|
metadata:
|
||||||
name: piraeus
|
name: runix-charts
|
||||||
namespace: flux-system
|
namespace: flux-system
|
||||||
spec:
|
spec:
|
||||||
interval: 1m
|
interval: 1m
|
||||||
url: https://piraeus.io/helm-charts/
|
url: https://helm.runix.net
|
|
@ -1,6 +1,6 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./secret.sops.yaml
|
- ./pgadmin4.sops.yaml
|
||||||
- ./helm-repository.yaml
|
- ./helm-repository.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -0,0 +1,27 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolume
|
||||||
|
metadata:
|
||||||
|
name: postgresql-pv
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
storageClassName: hostpath
|
||||||
|
persistentVolumeReclaimPolicy: Retain
|
||||||
|
capacity:
|
||||||
|
storage: 12Gi
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
hostPath:
|
||||||
|
path: "/mnt/MainPool/Kubernetes/databases/postgresql"
|
||||||
|
---
|
||||||
|
apiVersion: v1
|
||||||
|
kind: PersistentVolumeClaim
|
||||||
|
metadata:
|
||||||
|
name: postgresql-pv-claim
|
||||||
|
namespace: database
|
||||||
|
spec:
|
||||||
|
storageClassName: hostpath
|
||||||
|
accessModes:
|
||||||
|
- ReadWriteOnce
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
storage: 10Gi
|
|
@ -0,0 +1,62 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: pgsql-secrets
|
||||||
|
namespace: database
|
||||||
|
stringData:
|
||||||
|
adminPassword: ENC[AES256_GCM,data:gJ7rl2V/VlbIIRvRHcwMaZKN87t5n8bVWZCj/tRv8Uw=,iv:b/5eEnOrHzJrtnO+E2IGwJLHy2AdJQwv9WfUR5fUHY4=,tag:nTtaDNHVfYpChQX9UWwdKA==,type:str]
|
||||||
|
userPassword: ENC[AES256_GCM,data:gR7q508lUaRDRJ/z5lH99JLJSS9zWfg0O+TAm2B9uvo=,iv:9DDQxwd/BGtLQDacAH/crfT+qU4Pn5sGkWuEtmMprUI=,tag:tK3WoUd7729LQDVqU7pckQ==,type:str]
|
||||||
|
replicationPassword: ENC[AES256_GCM,data:BSA5IfYhhvN445yp2i3BI5zlIXgdj+LejCPzvlTMnVo=,iv:Qku2NAQPLxt+NUnk2dSx1+WAoyx3aEuA3+piU2mubYk=,tag:MnI+atK6VLZUc3eGS1OE1w==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-10-22T16:25:15Z"
|
||||||
|
mac: ENC[AES256_GCM,data:uWVPfKwPpR212js7f2RnCzEsMnxk2JpGPcf2L5i4gJCddJCrRJkdhjWGyVVpp/ociP3JLRTI95+WSEUH0KkPZpY1ptQevCVsUemRytOCtBlR0yR4qsBwEisSu8m4B5dbAYsqlXAndrBNL2WGB7uBv+ILgNxkhlN58unseSWJBDM=,iv:e7QyZSlhpyQ+A8OmV4p1848itIUxyam6CJOI9/N7DDY=,tag:N28mfrAjUTTYkly1hu0OhA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:35:15Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ//aQdUERyq3G7V29F5rpY6LdDgo8+hqrrZvdI3JnON0VUM
|
||||||
|
Tj3AAYg+xvYh8aPQywF9fJvn6qNw8fqrb2GiuuNTa9ZPCFsD+WXbuYHmQ9z6tAtV
|
||||||
|
opXe3QLNBuo9zEtUfGPbaCp8EH7f1TxQsTJoe9iE/1B2S69cHNUdgXZtfQyhpmlG
|
||||||
|
iyAk/G04kPazweIuFNjOYaN/12J/s2Cf5AZUeROkMxg8/GTPO68LeEBz9v4vl/1z
|
||||||
|
JlxmZyXR/9IeoBlO63asDrR85fcvSDb31K4qE3WVkag20bXClv1lehLVKO4bxA/F
|
||||||
|
lW1tXDR3odC9Ozme884Znd05L0NWkzYKYRta198IV6JuSCeMdjTscGGlMM9wqqKz
|
||||||
|
SZgs81FHXT16YCVupfI22CqMiD0EzQXrGEtJ4NqaBvhZu+MDxszNRzIl73b0HANc
|
||||||
|
8JQqQqOJh7ltrWnf39Xlv73yVC/pYbaV1LWGnMfqWvOcksa9QjOH9Ysfj/RxdaMw
|
||||||
|
VQhydU+21+xeuEQBL7OsiJQUzgJjFREnTRPXcorCtWxocCn5zwdct1SFchFzCOTp
|
||||||
|
H0ubpD+MP4RTWxuYbZRhE5ty6GJU9liRH7dUJtVaQiv8V+G1DungTqq36AbbnHzd
|
||||||
|
9cy+4cM3wZx2VYElL7DBom8nqqm7Xhffr0UaaY8VFuV5bBry3BmM5rOr8vDYqf7U
|
||||||
|
aAEJAhC/4yiBMuhEB+fwXIq/dBjMzW+p8SotK2QK03yaTFQchnBDknwVdqcKQxIZ
|
||||||
|
di3kupnjB+KllWOZhl121tT9L35ymL53BUu1FKCTFdIS2wXxy6UlIS98n0bvWJYN
|
||||||
|
c5WTfk81xmbT
|
||||||
|
=UE14
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:35:15Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VAQ/9G2JDsJw6YJMjstWPrv07tnU0ErWZx5WGcNUGhw6T5tOJ
|
||||||
|
kXCAuaZax8NxoTtZnQ9Cd+WgJr7R0FuVPEPTc4G2RsfntSZq5rBgCpT0fgwyASFX
|
||||||
|
64b6YTbLcCL+G6sg/FwIi9SRqqCsaljATjoU685vrjaxYYfAdhyUoM3qSNjMMaMl
|
||||||
|
zVjn0kbWrQn4GqfuRMqcr+zCIQdHNTTJ12+c6UUo/zJp4zzjA68Yur9aiw1iHtR1
|
||||||
|
rYCPHX2/ZmQjADTHXqwpuMdb5j0VDcd5JcZabdcJkhn/6MRJiN+XryZN/Neq9UbF
|
||||||
|
5WrMaZz5v0iRnMUCr8HMw29P0ttu5Sma+RyCOZuWlpsXj+C84pJ8CjBbFhzSJzGP
|
||||||
|
cKI8Syn0CPLN3X6vKs+LJXEHg1jxJ9kuN+RgW+SQRctUX3A0JtFg2tWplkptNtLl
|
||||||
|
hN5rW+fWxk7BV9dP7wouwVJiKcW3Y/OMCF5H8YHwL/KVHvANBwNM+nmFPrHaqN2s
|
||||||
|
0RghznmZMVG+9IYedSM6d8ZJLnO/QsNTE0QTGM/3dmBAn9jcndCLTgcgThAtvcmw
|
||||||
|
lFJYaMN3W455Cccaif93xnb44yn47actgEuM6GOuP15GGJaHD2iBQ2atHcaQhNQR
|
||||||
|
mxhIIouu+Kaa6g34MA/VGDNoN0eNYI5RZIUSSBl7bgaOXs9/3j1Uvap9yesCaOTU
|
||||||
|
aAEJAhDDqjX7RUazeEByAiKjv5TxpQzsi8gR4zyrhf6tTx34jHzQNoVjYEtLMEVl
|
||||||
|
ZlAJ06RoxOj8O6+8RGYd/ZUE+TQPQ4jx+PgWrZPUQx8TSxevuduw5XZ1lKytUSCZ
|
||||||
|
GFDjOxp0lMGV
|
||||||
|
=LHSB
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.8.0
|
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -9,7 +9,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: app-template
|
chart: app-template
|
||||||
version: 3.4.0
|
version: 3.1.0
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: bjws-charts
|
name: bjws-charts
|
||||||
|
@ -69,7 +69,20 @@ spec:
|
||||||
globalMounts:
|
globalMounts:
|
||||||
- path: /etc/dendrite
|
- path: /etc/dendrite
|
||||||
|
|
||||||
data:
|
searchindex:
|
||||||
existingClaim: dendrite
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/matrix/searchindex
|
||||||
globalMounts:
|
globalMounts:
|
||||||
- path: /var/dendrite
|
- path: /var/dendrite/searchindex
|
||||||
|
|
||||||
|
media-store:
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/matrix/media
|
||||||
|
globalMounts:
|
||||||
|
- path: /var/dendrite/media_store
|
||||||
|
|
||||||
|
jetstream:
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/matrix/jetstream
|
||||||
|
globalMounts:
|
||||||
|
- path: /var/dendrite/jetstream
|
|
@ -1,32 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app dendrite
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
targetNamespace: default
|
|
||||||
path: ./kubernetes/main/apps/default/dendrite/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
- name: volsync
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
||||||
substitute:
|
|
||||||
APP: *app
|
|
||||||
VOLSYNC_CAPACITY: 10Gi
|
|
|
@ -1,6 +1,5 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ../../../../../common/templates/volsync
|
|
||||||
- ./config.sops.yaml
|
- ./config.sops.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -1,134 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: firefly-env-secret
|
|
||||||
namespace: default
|
|
||||||
stringData:
|
|
||||||
ALLOW_WEBHOOKS: ENC[AES256_GCM,data:Xxto4J8=,iv:kpOdBrY555myNwllEcwVzg3CCqQX/AfLKzuGZyEwQSc=,tag:zKnJV9jCIcw7cHRja+NAhw==,type:str]
|
|
||||||
APP_DEBUG: ENC[AES256_GCM,data:G+3my+Q=,iv:xqormW3/yiOsCcBReBd6tNT9wi60f3kTOZsyp2OKvG4=,tag:WtEJ5w88bYF9KBNDp/Pa6w==,type:str]
|
|
||||||
APP_ENV: ENC[AES256_GCM,data:p4C1h9M=,iv:wtzHEP38BTRol2PFv1YkP8fHWDV118UGGvAcG17Se84=,tag:isAuMLi8DRmJ34VjJcr8sg==,type:str]
|
|
||||||
APP_KEY: ENC[AES256_GCM,data:h+t2SyxNnv8trqbVHChHu715vATc4V3TrwTHiArG02c=,iv:BZa25GDMZkuOnFolSizrBsPCXxpQhOZsXrLzD5er7/A=,tag:h7VqqqmGUwALfFrog+7r3A==,type:str]
|
|
||||||
APP_LOG_LEVEL: ENC[AES256_GCM,data:3kDlJYiw,iv:VAlgQFMykqprZ5VcEi5pr3F6q8fUeWvuT5UxYzz0u8Y=,tag:GmmHyOHNzN1DSvFusGY8HA==,type:str]
|
|
||||||
APP_NAME: ENC[AES256_GCM,data:1sdMi0oSvS/qqA==,iv:UGtsnoz18nzrTZdbNq9yhL1jk9+Xn/MqD4KlC81sa/M=,tag:MLyGbFEH1xhITWSkxx9xsQ==,type:str]
|
|
||||||
APP_URL: ENC[AES256_GCM,data:SOIw95XStnLsNtcGU9a5Ag==,iv:q+XukA9v2LnR8hNfSL2h52htswDCQC9TSWwdlXhSlTA=,tag:g/MB5/+6v7Srlll/nDb1Kw==,type:str]
|
|
||||||
AUDIT_LOG_LEVEL: ENC[AES256_GCM,data:Oxn3lA==,iv:wLWmv5B1guQ+3Rqa2ltRRc1peSbTxTSWhe1EF66H35U=,tag:Q1h7ysz/wc0puT1EUvIskA==,type:str]
|
|
||||||
AUTHENTICATION_GUARD: ENC[AES256_GCM,data:847UILd+icRCFRvkH0cSagM=,iv:/Y3jwxfls8SlKl7buQaqHV/w2mo+U2ZpX4R15fipfQE=,tag:hoDZ973UOjWp6rLGEBVkaQ==,type:str]
|
|
||||||
AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:96dC8h0LvpRdn/OiQseWMKbFNkdf6Q==,iv:EPEd09Ykxj2khSMIjDhBNgYpEf4VXZJSad5dtU1gbRc=,tag:Lcc1/HDbsNXMwtbWqPgPjg==,type:str]
|
|
||||||
BROADCAST_DRIVER: ENC[AES256_GCM,data:rSJL,iv:ccaunQdmOa7yaVkLVDSTCttyJZAs16qX7pw8/ofKWk8=,tag:98QHf78i6Owm8oNA5S3jpA==,type:str]
|
|
||||||
CACHE_DRIVER: ENC[AES256_GCM,data:tzYKrFY=,iv:6ddHudAzcn2ZUrqa9g+Rr7bG++r8jsCJUKmI34fP+us=,tag:aA/W3N9uiXFzvmznYKYvAQ==,type:str]
|
|
||||||
CACHE_PREFIX: ENC[AES256_GCM,data:nY2Ck8/LqA==,iv:tfUGZAC4rroja1Hn2tvybwKBi0j92qjcugsVwJGxU6U=,tag:SUmAWATTIrE68Chi+w+4yw==,type:str]
|
|
||||||
COOKIE_PATH: ENC[AES256_GCM,data:gA==,iv:SO5+C/oRCRvMnxTnf/Uhc2sdMMMtNLIPc3JuqJApY8w=,tag:TAv5wfcDVz9iRfW0JoeISQ==,type:str]
|
|
||||||
COOKIE_SAMESITE: ENC[AES256_GCM,data:PhGj,iv:pDke8PCUQguCrU67nzUqf54czHOZJAA97gtefugjAuk=,tag:ww4WMdwoyv4bImpCNZWYkQ==,type:str]
|
|
||||||
COOKIE_SECURE: ENC[AES256_GCM,data:qtZoimA=,iv:60alWp5X4AEdMJJPYl8RLKf6eJCC3cXBQkNxVk16bbI=,tag:VV1G7ayGfyiRlNTVSnLuew==,type:str]
|
|
||||||
DB_CONNECTION: ENC[AES256_GCM,data:7JuSbA0=,iv:apzB7UuHqKWOMRT8O9IXztTmKD/WBBl5z+p7+ovlNuU=,tag:dUQd4aney67Jz6mmlD7ldA==,type:str]
|
|
||||||
DB_DATABASE: ENC[AES256_GCM,data:h0C3m/idBA==,iv:KrLnKAWCwcZh+awD2VGi0OSMjFNjE89MOJK0+2hj5vw=,tag:kuENZ9I6DU3kvsVgHTIJKA==,type:str]
|
|
||||||
DB_HOST: ENC[AES256_GCM,data:suZVnTKeokhPhUkQPlAb11ZeWS1iBAG63UI=,iv:hr5Bji6OoNGwk7dLSsKEaLi2+aMjtf3LrLZEFAELT0A=,tag:1MmNtjFy4vM1wAGpBDrEKA==,type:str]
|
|
||||||
DB_PASSWORD: ENC[AES256_GCM,data:Jcc8b3a6dkxcY7U1JRL1hvpv/APKPD6xZTO5iz36vSU=,iv:1or2rNKG82uGhb9HpBa9bZyZ8/CJ1B2KQNXuLWchvh8=,tag:FQuv3NpYxWYafSFMoUedDA==,type:str]
|
|
||||||
DB_PORT: ENC[AES256_GCM,data:l70Rpw==,iv:XD8m8nOOIFQHgqxMn5xQk6WJII37/hHVzQ1j8WHT1ko=,tag:Wcmo+puST26D1aGYsa6YhA==,type:str]
|
|
||||||
DB_USERNAME: ENC[AES256_GCM,data:2TWWeu0f7g==,iv:UKgzLVE+IxWpTvapVwfNUh01nIjMKEGo0HoxzYZ2gTc=,tag:SYyJr7iNFA9THKs4X2HcLg==,type:str]
|
|
||||||
DEFAULT_LANGUAGE: ENC[AES256_GCM,data:KeM7X6A=,iv:240BQTfOKiB9r2bVPNSEGdY5o/iAJmf1yV/35FZLEsI=,tag:lQkNFE5hfFGM5DuXVkt8Lw==,type:str]
|
|
||||||
DEFAULT_LOCALE: ENC[AES256_GCM,data:Uxe2nm0=,iv:VKfvZfduIyErX9H2c/U882vGFJfixQkHJ62EhODNS90=,tag:g49fNNArcaGYeXbuCh2k5w==,type:str]
|
|
||||||
DISABLE_CSP_HEADER: ENC[AES256_GCM,data:xDdKfBc=,iv:Hsn3VF+vx248TfQyeZXWdM9/+cslpe/+jCp+eKhSbgg=,tag:yuwRMDIt/pVFtXN/R69tYQ==,type:str]
|
|
||||||
DISABLE_FRAME_HEADER: ENC[AES256_GCM,data:JM9c6yA=,iv:xPZT0uAOgwsTDDxMvfX8xT43SfV9Hci0q8Nki4CmZhY=,tag:5sYoAI8r+nEdxiTl0mp8hw==,type:str]
|
|
||||||
DKR_BUILD_LOCALE: ENC[AES256_GCM,data:2HKiJyI=,iv:MrKsKfpmpEt+meTsddFIa6yvIr2UcV04wwKq+PKrShw=,tag:JFaEoAbasU2QcfS/ERyWww==,type:str]
|
|
||||||
DKR_CHECK_SQLITE: ENC[AES256_GCM,data:EkmP0A==,iv:b6bOouqULZQQtUxORzU+Vbcly4bnaob7nQ/lbdHZEEA=,tag:rjNLVF/C4w0BHy7v3wBD2Q==,type:str]
|
|
||||||
DKR_RUN_MIGRATION: ENC[AES256_GCM,data:A0X5Vg==,iv:ry7Kl+5MtK3ibSGgtzDo6ou/VIy89Y59+In79K047JQ=,tag:W/CuY43sY0f/ioPjoSkGpw==,type:str]
|
|
||||||
DKR_RUN_PASSPORT_INSTALL: ENC[AES256_GCM,data:mnpCGg==,iv:js+DjnezsJ0FIiML+LYnwqMRnIs56n6/8q1qcqEn/00=,tag:r2ebsWf2x07E41LLPQUAzw==,type:str]
|
|
||||||
DKR_RUN_REPORT: ENC[AES256_GCM,data:2lL4gg==,iv:x8/qd5ywFXrLliw2Q7ou7/HuW+MC2bkgeGGyNFR58I0=,tag:/kDbkZ1domLWEMjJIKbqMA==,type:str]
|
|
||||||
DKR_RUN_UPGRADE: ENC[AES256_GCM,data:51UGrQ==,iv:nfn7G2deUUJzgGYX/5lHXQeyQrfDYzVOJ5Febx536fU=,tag:qlX0bmF6wwr8F7/qlEt7ng==,type:str]
|
|
||||||
DKR_RUN_VERIFY: ENC[AES256_GCM,data:b+dXtg==,iv:ENGxxzAGi9U/w062gIFAmOFefEIOy4K4Hvj2AniRYDA=,tag:xnsGoumtfS4brf1xtoKxug==,type:str]
|
|
||||||
ENABLE_EXTERNAL_MAP: ENC[AES256_GCM,data:4iVBWE0=,iv:AC00gQW5dK/GaloS5eqFCs45uBdI/HWdd8FVvtgUeBo=,tag:BeDQ8/gZKC9WYwNkN+WYzg==,type:str]
|
|
||||||
ENABLE_EXTERNAL_RATES: ENC[AES256_GCM,data:argo7PA=,iv:RrT4yl2m5guf/xEHeeggQ66OaK5bTA1KswggBXlR5mc=,tag:8fOZfSKzfZVRJT6/MT1Zaw==,type:str]
|
|
||||||
FIREFLY_III_LAYOUT: ENC[AES256_GCM,data:iuA=,iv:9tC3yvo01IkYsd6JRCRM6aEIsm1CWXyg4f5n364XgHM=,tag:dMrSUIq98cw3XuflE8FNXQ==,type:str]
|
|
||||||
IS_HEROKU: ENC[AES256_GCM,data:o1Lo6+Q=,iv:oyzn/BpHWPef0OD7emyxw6BnmK74s0vpAGvzmrRXgUk=,tag:AAKCNapT/JUBLe/Orp0J6A==,type:str]
|
|
||||||
LOG_CHANNEL: ENC[AES256_GCM,data:JssmWkA=,iv:jM6/uTa4nw0DIeHSN2SRsvHR47gvhWj9fSX+GAvIXHM=,tag:qtnMj5VmdIEBAQmpyE+G9w==,type:str]
|
|
||||||
MAIL_FROM: ENC[AES256_GCM,data:SA/WMvmJc3KIRpZELsiwbf1NsB4=,iv:a766KIX+wmbHLgm/xLAGYHpM9MOYOhZAZKMsHSZ4iGU=,tag:k7OSWx6mPNJREUzS7JOLXA==,type:str]
|
|
||||||
MAIL_MAILER: ENC[AES256_GCM,data:dX3U,iv:jAxKMjeilj4DE1QEzBqT9xz9yE1TA6dqXj7SQwQ1P+Y=,tag:o/V2IEbfbYJpgHpFHXWhRQ==,type:str]
|
|
||||||
MAIL_PORT: ENC[AES256_GCM,data:j2/KWw==,iv:QLJrY1rdwjNwScUHhVq4gW0lEJ1V+dZH78M5Z6TtFYI=,tag:2Xycd/Oppdq31e6EtjzM2Q==,type:str]
|
|
||||||
MAILGUN_ENDPOINT: ENC[AES256_GCM,data:V7gFVEqy1rwBPHqkNRpc,iv:pOotLv1yuPaBbGYQ3sLSy0VJffkDN0FLNnroB61LnW8=,tag:9AURHDTDEVmW/pWXIXy17A==,type:str]
|
|
||||||
MAP_DEFAULT_LAT: ENC[AES256_GCM,data:XiOpIndogm+Y,iv:hbgzN6AK+sDmmRQ83zye8f9a1IiGQGdfEI+LF2RLBo4=,tag:iKKUPXUdYhTTcWNT1/a8zA==,type:str]
|
|
||||||
MAP_DEFAULT_LONG: ENC[AES256_GCM,data:brWzIY9uFRU=,iv:Rssnw2po0rz8UuD6kPzq9AMpy6kuU0vYtZfbGl5eH7c=,tag:V/T1EgIxfKKiXweTRoh0Rg==,type:str]
|
|
||||||
MAP_DEFAULT_ZOOM: ENC[AES256_GCM,data:3A==,iv:DS23RJUIAjxnWAWGnoaMnE91C0vNjBsgWyzjOP9Jdx0=,tag:0zodJUWJP3PPOei1mhFcYw==,type:str]
|
|
||||||
MYSQL_SSL_CAPATH: ENC[AES256_GCM,data:ZADLtd66eCRjuMMf0nsh,iv:Vjj4+5OdbMm4V2TOF6YYfbkJFVe3kHpfS6PcrbWWifg=,tag:VTLoPLRAGX/AonK7gR68tg==,type:str]
|
|
||||||
MYSQL_SSL_VERIFY_SERVER_CERT: ENC[AES256_GCM,data:DJXHgg==,iv:j2eV2VRZ56HMCCkbV5V9vmI1hpOnGWx4362wnhamrGs=,tag:g4OJOGCr6HVrabZ+DwsqcQ==,type:str]
|
|
||||||
MYSQL_USE_SSL: ENC[AES256_GCM,data:YnB9eyU=,iv:xN2rvs+67Ei/HI2xrvXRsqJ3Lq9JxxOUAheF+8/Zc3Q=,tag:MqhC2GTEnZ+OKMUMVzPzBQ==,type:str]
|
|
||||||
PGSQL_SCHEMA: ENC[AES256_GCM,data:CYo9vhMD,iv:odi7vEiG6cmXKqMmSZq8qTRMOM2wCeSSxm/um3ij66I=,tag:ekDtW2K4vXvXFdhBMF87FQ==,type:str]
|
|
||||||
PGSQL_SSL_MODE: ENC[AES256_GCM,data:ITeruVVJ,iv:QRsRTugVCOIG0KZDo86GFDtzyu7ovAqyuxqOcCSOxOE=,tag:vZYyM45ewbhvswtd0wsvlQ==,type:str]
|
|
||||||
QUEUE_DRIVER: ENC[AES256_GCM,data:l6IcPw==,iv:Z370K4KhfY46YaRIYoE4iWjlKX1BdwHJpeNzThkBdfE=,tag:MYa/clN72+A3tTtfG6qtzw==,type:str]
|
|
||||||
REDIS_CACHE_DB: ENC[AES256_GCM,data:mQ==,iv:jey3wT+7uJk4SwEBbthm2ZclWiPPMjrEfUELTORPtXs=,tag:ZfCb08z1G9JJrjoR41+3Zw==,type:str]
|
|
||||||
REDIS_DB: ENC[AES256_GCM,data:EQ==,iv:KbFQy7Z6vjOnv7ryevsl0C8itt/OnE/Fy+AaE7K26rI=,tag:N7jnaM+HxjnJXTPRxf+/Yw==,type:str]
|
|
||||||
REDIS_HOST: ENC[AES256_GCM,data:XgjQh1KlMyVdYBy/4S+1F7GYkQde,iv:L6cZhVxbe55yWQI8akqEPIrKoN4Edtqs4bosa4VOIdE=,tag:qQ01MbfirFPKdRUNXH+Wjg==,type:str]
|
|
||||||
REDIS_PASSWORD: ENC[AES256_GCM,data:n2Wb6AQ2stM7AzyjrN3G7XN9lJC0EwVxr2nxcUr2bGo=,iv:0tExhKBE8K7obpInPkeemdRPU1bY+ofvMGaXzCKNUpM=,tag:x1N9GvOF1nEuhcJN3Z5xAA==,type:str]
|
|
||||||
REDIS_PORT: ENC[AES256_GCM,data:3E4exg==,iv:hpqydc05ay6yPhFCX4WuSrtWNgFTvK7PpXcIvipBzUs=,tag:aDJTwFNp8J56wq+LcwTzeA==,type:str]
|
|
||||||
REDIS_SCHEME: ENC[AES256_GCM,data:3mGo,iv:ruIJ8NVVC366cHr1ZsfdyU6G8fkjwNS5QRctdVc5I/Y=,tag:++pVD8OMqStBQO8AD3W/xg==,type:str]
|
|
||||||
SEND_ERROR_MESSAGE: ENC[AES256_GCM,data:zoEtng==,iv:qyhycmEevYNHLUSllogSsTiHNqJ13i7AEUZ5RRWMBew=,tag:E/2w1qzFvsJx0dSaKz1Cjw==,type:str]
|
|
||||||
SEND_REPORT_JOURNALS: ENC[AES256_GCM,data:I8oPsQ==,iv:epCv5EOgXROYZDaS+dWLYvTJ3+6nYZd/YLHAlpCXRdU=,tag:59DyVe6S0/Ghr+VWj0gauw==,type:str]
|
|
||||||
SESSION_DRIVER: ENC[AES256_GCM,data:ptIntjU=,iv:4xGQcq/hHN6U2wDVloFQuJ9IStt1wzftGvFshscaDuc=,tag:5lxwRlzoscLuQWhhayz8jA==,type:str]
|
|
||||||
SITE_OWNER: ENC[AES256_GCM,data:NliL2v+5L2hgtAypHsx/SZIV,iv:USZTjct97S69oC1qQw1LvsVM14h79sPK6C4kT0tU+9c=,tag:cMo1NulvqtEmviv7bNfhtg==,type:str]
|
|
||||||
TRUSTED_PROXIES: ENC[AES256_GCM,data:mso=,iv:i8oCKh+Do4pitQIG9rjcwxfR+QyJo0a8ZwhpbTmPCjc=,tag:KDYBjKNDxVXmIlQuk6obiQ==,type:str]
|
|
||||||
TZ: ENC[AES256_GCM,data:JKar98ec1U+TgrUJKORIDg==,iv:/KpoEhX94QgN6dfDjYLcZoMbamwuI9ITKT2qI9C9n60=,tag:YzwHNXVCJaz2FetJCGK94Q==,type:str]
|
|
||||||
STATIC_CRON_TOKEN: ENC[AES256_GCM,data:aBoz/nZEyniQSV54roz5q15Yzuz6mTqmoAllT+wlvf4=,iv:GzsNSmuqHF0jC9rQTi+vvr6eGM4/V8n1JxX8Mb3ryO0=,tag:sfBpnGh6Mw4W4yqnYiJ1/g==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2024-10-16T01:01:17Z"
|
|
||||||
mac: ENC[AES256_GCM,data:teviNiyB72tpMJuAc0ap18RFz9zY1KOs9oJRz7Da9CuHAeAYqZrrQ+CSX0N+Mp7t7HIgfDr5grq10DgdjRQYDsUYS/T3UsihdD488i1aBZB5dGb6mo5wUIdBz0CQ4lJkEutnCMHIAuKAMsUYxPnEEqXMKs5BAfF+GtIM0+I1Yi8=,iv:QpaDboQOZ4gPB0PhDWaYZ5HDy8M5W7gvcyO3xpDN/H0=,tag:bAzRW/k/BDbc/c8amU5dyQ==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2024-10-16T01:01:17Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAARAAnpEVRD9lQQYNJ6KutXCbuWwoaOf85NX5AyN/xfisWQKW
|
|
||||||
Wmw+LMvxET8B0Vl95luhhwBa+eFh8SjpRirueFw0q20Fb9RANXtk+EXiT9DG1HdB
|
|
||||||
ZLJxQtcjOOv/alxgRnaft+CD0szNY9QzkvAs9D4hxXNh634JBEf5BmvzNiwcwTtF
|
|
||||||
osFFNJfA5bjVzJGEdnkTcfwwkgDYtQqMibwSbtz93jutmZplEUlAhXqUl/+kwtai
|
|
||||||
Rb2O3CYPLL+vC7H5N0zXxLXcFNjUk9sQrcmBiz2i9DTlav1YHy3NB3EVu+OkvoYO
|
|
||||||
PacIkKNFjWurhmfuAN0dElCBy+gdDvIEXL9mbW07mkqZ/HTlR0xF2Szj5Ax5Drrx
|
|
||||||
+/K4IoanRKp3emkD9YRft9MMIpRboorw4u9t+Zv1kTlmIoIpxpBmJ7/kD3uXRb7s
|
|
||||||
LC5Lth1nk1hK2ZtpBNd1Ldpd4lJ0DodTIs6iBAQ2Tfk3BfZG2EFf+zJQa5YjkPTI
|
|
||||||
YbyT2skSsteRwCrwZMOUC27LwBWXGukU2Zf2aZH3Y2OY/T4KqArmTz4pMpbhnDWT
|
|
||||||
9ueNHwbf38/q1IB1n1TDypybWZa1V4IyRstmORoE1sAHEW07PDqFD3dgtkcGtmUb
|
|
||||||
xCO96GYqrE9kEk1Y5EIaAnN9SrFmpXMxPgvNMuX908OWylPwmVR+p2xXw+Q0GpeF
|
|
||||||
AgwDAAAAAAAAAAABD/99lYaqpgoba0WNLCdn50NNIduiicH2IUNObXyIoGvO2PrH
|
|
||||||
T5BXanicIVDz/WuPRV+cZnNKQ0w4fVMo2wgVNpl53b6XQKm2WWUHFayzbBPQ/zJw
|
|
||||||
xOS/d5onbdrrYqTX8DQ1D0R/uYx3P59YVKcqnt/iSO9WqftxPf82ek8a5DJ/CguM
|
|
||||||
d0HeeyuxOVfpiMRZksMg2VMjZ2GslvlAtkgtam8dE4v4wJ4+9nzVTNCPUAp2rNKC
|
|
||||||
zA/rFvZlNEJuj/+UIVxzM2NR36VQklm82Lcql83f49Xmc56cDXpz0UN+NvKJadc0
|
|
||||||
58dBJhUxKFjmE//rLR8acIR465OEG4x00Xo2260gR2e1Gy8RkRddqOtESwxshnjb
|
|
||||||
k+uDJoVSlJAv1N/VKAZ2HyZHqBGL1rZ8pAhalVUvLOAKDtVymXPDMN1d62tnSag9
|
|
||||||
NUQub1IBOjwYfPNGgAYXBu2/AnXv5eY4yvyJZKoLviauNrQGLHCfnGHtsI59szlZ
|
|
||||||
BEkGWLoq1ScwyfbE3CC6HaDWXgQpdJvOXeIuuYZ5g5aMdIj6fOIGEn7pSvZ0xiVN
|
|
||||||
vjeXtEkLF8uHXCgaqTN4v/jFgRJFymZFNbwkKp5qLkF+LjaLb1U142LlaF1Um/us
|
|
||||||
1Yxue1Et9BYODmSjELEX+vITil3oJMbirwoPcwH2ukfDuoG9hRGK0iwkdb+XXNRo
|
|
||||||
AQkCED1xPAW5o5NG7rPlUzZKeT2/f+wVIM/cR8JJwZI9xUVdwvBYw6jVtcXl9KIo
|
|
||||||
IS7mndJ5YHOgh8HXfcWxG57xtEgh4OjJYXV0Mx43uqVEQ+iiVz2JlR9c5gDOZFGG
|
|
||||||
BJEgufqqSUU=
|
|
||||||
=8uNi
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
|
||||||
- created_at: "2024-10-16T01:01:17Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ/7BFBba7dxizR76JOfHWp1c/UJgFuHHCiP53kn3SdIGQqs
|
|
||||||
ZKJh/CZL9WgEp82WIL9+UN805FKdLmlfU0cu2xkjxx7jTF2iSG8QBhRkli0X6UsD
|
|
||||||
EGCFTXjVazilJfe6YpW6bnqPRq15wTwcp7YVdBi9hSlRgEc8OPSh2fTk29L6Q1nQ
|
|
||||||
oVKih+EFmLhX028w0ys+pXaOjJ15btybR+Y53xizwbYcCKNPOgEJO0TSbMb1zJJa
|
|
||||||
RSqljazLSAeFubMxsXEUv9dvmv4U01ImpQUcuw8U6b8OVvgfD478SOyWmXrk1WrH
|
|
||||||
FLuIt53TTsOzWyAf/vutQo2WwFk7SNBluEFXtB+L9F6ZhKRyuWlFMlV/BQlBJmJD
|
|
||||||
pyX+hBWXac012uiNj45RvFnsCWmIywSuwfCaTuMwl/I01WI7kYhea/2qye6oRwQj
|
|
||||||
3o4svRbjvcMPgwdw6tSnJu6XQ9MV2YSEcDl1FlopzOv9qiX06fWUCvOFfZf/5wH6
|
|
||||||
EKT5vHoFT78WRVBMWzCsqge77joquykEx9X+x6NvtBLVb57RM2a8kMqYDy936+zQ
|
|
||||||
2sw0EXDaSw8HfKFEboixLayndSjQlznBSw80WRKBizTU0bmBMjW8e5Y7X9D9olb3
|
|
||||||
oyrG/EqAkEwvnp4z6M5BBWPyNmQYWLYXb4bTHwRDbom9BK8eRvOjA8EDacxFshbU
|
|
||||||
aAEJAhCFpjbNB5TmbBa9MYlDXfWzo8ONGKupwvpjCvamvD1lwcnaefFxFEjUqLZv
|
|
||||||
J1513onnvdLwNhymnGmVMnY6X+qwXjayi/jRrBdvkNBjmocH4qGr5iZTcpO8HLNA
|
|
||||||
nvRyz440bS22
|
|
||||||
=Q/Bc
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.9.1
|
|
|
@ -0,0 +1,123 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: firefly-env-secret
|
||||||
|
namespace: default
|
||||||
|
stringData:
|
||||||
|
ALLOW_WEBHOOKS: ENC[AES256_GCM,data:qdisaso=,iv:rT7WID3kRMPEGmWJepNmrj1tutxsT5Arw5AN9oVFoXE=,tag:jkYkRaGLEB3iBEjEVIAVCg==,type:str]
|
||||||
|
APP_DEBUG: ENC[AES256_GCM,data:Jyo8QmI=,iv:Gq2Ldh+H+oturcglphQb7ERHX8jD/5j01qtEJDRPAn4=,tag:m96oouPtT9J5zQHPs2QaVw==,type:str]
|
||||||
|
APP_ENV: ENC[AES256_GCM,data:19kiyms=,iv:KLwsQOsDvg/7f18FEsg+e2rgnXSbsxwSNbItmgLGy8M=,tag:mUX/UeXFi0eeZ68bsJpq8Q==,type:str]
|
||||||
|
APP_KEY: ENC[AES256_GCM,data:PI70apm/K8/1el4lW3KR6wLgBDgj0YAQ6KwngqxSv2Y=,iv:S7xrpAeY3wM3moCL/i5R045yst7Zz8ahXbLyNfvacZ0=,tag:hOXR1kKdxVoQxZyjZu+ajg==,type:str]
|
||||||
|
APP_LOG_LEVEL: ENC[AES256_GCM,data:ZwJTcn8y,iv:wk+jX9Zp1TTn1EHv0OLgt+0alm5JBHdWcEtIn1dTI6o=,tag:gR1Ls7dFGyt4hKGiwLU5wQ==,type:str]
|
||||||
|
APP_NAME: ENC[AES256_GCM,data:yfd2OQk6NvjKcA==,iv:jLL2Dt0YlWODwCKSnqR1yuSWJsKySQNZY/pEfxi5jJM=,tag:XoHlMsMuRG6S4Wm0PVjtBA==,type:str]
|
||||||
|
APP_URL: ENC[AES256_GCM,data:+bveNLjanPPMkoMrDO4KsA==,iv:xQWHzRKBMBumi2bFCUKoWLRiuNNV3HQLv1WGEiZ6RRg=,tag:h9IF4XwIK2P8sB4V1Su5Ug==,type:str]
|
||||||
|
AUDIT_LOG_LEVEL: ENC[AES256_GCM,data:OA7nqw==,iv:9BcE5Bf9QDf3kzA4Xbf0XkbkFjGAv6id7vdSI12wRm8=,tag:QN7o1eEbGSTvrGGBzzouSg==,type:str]
|
||||||
|
AUTHENTICATION_GUARD: ENC[AES256_GCM,data:wsQZSzAP0hE4o9DAwNtwSEM=,iv:U6513HaOzDDlCehFuSs8ey0KFWup9S8tAYiSX89EyNg=,tag:i5q9W6uglFZ9bKc2f4QPvQ==,type:str]
|
||||||
|
AUTHENTICATION_GUARD_HEADER: ENC[AES256_GCM,data:0GfWuR+1RhLsED/T5iEDYV3tkmx2wA==,iv:x/6xxFAv5+J8e55a9JnIZ49v/FJRL066rSf2bBxhHHU=,tag:hAhhsDDMeM29b8iMx3xwqA==,type:str]
|
||||||
|
BROADCAST_DRIVER: ENC[AES256_GCM,data:2iYs,iv:5oeuA+08uDRSJyLwwkdFC2q4LZKNs2OSoQjsnIX0aYY=,tag:m2ybfxtY98j39sBnax7IVA==,type:str]
|
||||||
|
CACHE_DRIVER: ENC[AES256_GCM,data:2lv9YGE=,iv:xuk6ih2wApMuWJIlm9clwYCnMR973lG7EOHDUZtlDvc=,tag:cdEh6/zAZ+7IcQMvHojgXQ==,type:str]
|
||||||
|
CACHE_PREFIX: ENC[AES256_GCM,data:OS/jr/Qo5A==,iv:wLeRO4uAo+HHB/1tK3m4MEeefmMRTc0+aTYuUGGrYyg=,tag:8cv8oxfwMkTeZ8+JsCoWVA==,type:str]
|
||||||
|
COOKIE_PATH: ENC[AES256_GCM,data:pQ==,iv:5QR02hlvi9n/gl6LLdSR2HSybzohlCisq51+QzUJv1k=,tag:hpwUD0ctU0pX7S+V6UNz/w==,type:str]
|
||||||
|
COOKIE_SAMESITE: ENC[AES256_GCM,data:HNlS,iv:f/kbAOVyWFEH6yKr+N3zM+9tNQQCpQA7/iKAg8ejFdk=,tag:g1rmzfnWSYIzxFJA0l/uUA==,type:str]
|
||||||
|
COOKIE_SECURE: ENC[AES256_GCM,data:fxJkE2M=,iv:0JXgzyybtMtIgxh6VSwAS5oehpVMFkLKvJFOBDcwhVM=,tag:RAhNUuJKOho6bvXJyNT6cg==,type:str]
|
||||||
|
DB_CONNECTION: ENC[AES256_GCM,data:Y7b+kts=,iv:1vZBNoO4O0Z8LPH3ZPSDpx49jtbQOEl6+BitbKyat4A=,tag:eOUpSlZGZKM0LPHdZMjb+Q==,type:str]
|
||||||
|
DB_DATABASE: ENC[AES256_GCM,data:1rRtAXfMaA==,iv:vErtoqpi1KsHVL0nQ6x2MVNe6JCKxjCxivXXjtUT6Uw=,tag:AYxHWADlGq4NHbcVx8QcHg==,type:str]
|
||||||
|
DB_HOST: ENC[AES256_GCM,data:sjYDEi8q4bAgpdnxin6yDBtNJw==,iv:6rxqBNvXSsE+2oxWbwiztmlxtKP8C0aeYMdmuGTyF/g=,tag:lRB3EwV4vwa64CI3xqi2lQ==,type:str]
|
||||||
|
DB_PASSWORD: ENC[AES256_GCM,data:PeysFTbHeZHTnkn0XlJ58AMZbS3EzANUQ8UnhQXRIoU=,iv:NM8c3dx8TlQkPVJGECnyg2L6JM7CQwlx/LQ59x15dY0=,tag:xuLow/AXp+yOUm4hO2527g==,type:str]
|
||||||
|
DB_PORT: ENC[AES256_GCM,data:yXp98w==,iv:a/jbQI7/3QMKaSJRiZGhdYBzdIzyNA0M3sL83bD/1is=,tag:PxauXvxyQlNo8EaFMzdjKg==,type:str]
|
||||||
|
DB_USERNAME: ENC[AES256_GCM,data:UOz2K8KusA==,iv:75KRLL7F0mtzESvfvVaIJiBqAz1i8JIcS2VwAMm3KVE=,tag:HmjzrLg4hLuAjQ88U3CDbw==,type:str]
|
||||||
|
DEFAULT_LANGUAGE: ENC[AES256_GCM,data:U2qo/Z0=,iv:duSb5g58hXy+BjmU51cWVc2APmz/THtQrmfKyWJL8Xs=,tag:3578FhaZxtyLXjFOJA7sVQ==,type:str]
|
||||||
|
DEFAULT_LOCALE: ENC[AES256_GCM,data:DX3VePo=,iv:d3P66DEPoI3yiZj00YaYVEsu9zCSQ+Nz0vCOxJjfkNk=,tag:JNeGcODHleBBOJrewOWq2w==,type:str]
|
||||||
|
DISABLE_CSP_HEADER: ENC[AES256_GCM,data:mS45ZNE=,iv:7twp7yAggJfGDKnoqoi4OY97uMQuOq1Y3y6LFst9qFY=,tag:mselnIDI/OzNplWsdq2YlA==,type:str]
|
||||||
|
DISABLE_FRAME_HEADER: ENC[AES256_GCM,data:lIO+3IU=,iv:/jCBrh9pxsNouU+glpvXqEXI3veHsqaHWkSDEJcJzHI=,tag:JHWUyPl6Ir+XczlkEm/xsw==,type:str]
|
||||||
|
DKR_BUILD_LOCALE: ENC[AES256_GCM,data:43nBSlc=,iv:pylnsBF4HORItmtHxLxaXjojdyazm1rseMtqgTwwX8k=,tag:mi7eWamr3l/H+foZUJYsJg==,type:str]
|
||||||
|
DKR_CHECK_SQLITE: ENC[AES256_GCM,data:TssvPA==,iv:N6kVxo9w7pjUy5PSt0nF3yPS7imaKaWbizPZdMv7rKQ=,tag:DpWzkfkFbFaQpuLTirsP1g==,type:str]
|
||||||
|
DKR_RUN_MIGRATION: ENC[AES256_GCM,data:6+nNEA==,iv:TxFrPKxoaN/neoRK09F5SJswfh+ULHw/tFQz+ouOOsU=,tag:UsMPAYDhgccBtBUAXxTNaQ==,type:str]
|
||||||
|
DKR_RUN_PASSPORT_INSTALL: ENC[AES256_GCM,data:rA1uHQ==,iv:TKV5pRA65C8FNHOrpzx90qA7maX5ld3aLCv/PrQamII=,tag:bqtT9pqHILiV1AEzkkYk5Q==,type:str]
|
||||||
|
DKR_RUN_REPORT: ENC[AES256_GCM,data:bqE/+A==,iv:PWlGji8/zVoosDeoWaTG4f9rDJwKOilwENI1JtzatPA=,tag:cHCeTgnB7c0TZ+9bSxFW4A==,type:str]
|
||||||
|
DKR_RUN_UPGRADE: ENC[AES256_GCM,data:76w+1w==,iv:XZwFW5WoWRBhfgM8Jf71IAEsWJxaWj6nmzh4arjV9IY=,tag:wm49cS3mMPPj0l7rNRm7nA==,type:str]
|
||||||
|
DKR_RUN_VERIFY: ENC[AES256_GCM,data:GE3u0A==,iv:hZc9+yCN781Hm/M6UrzAnFELJopG/m0PTaHCwJuK4Ic=,tag:SwJ/ujTY9VsrS8payg5FbA==,type:str]
|
||||||
|
ENABLE_EXTERNAL_MAP: ENC[AES256_GCM,data:jwbL3WE=,iv:EmuPlxlldYIK57w44oeiOUx4dNUx88avn/MXGw0khqk=,tag:6UqgxY3eTE/DQ4znx5NNzw==,type:str]
|
||||||
|
ENABLE_EXTERNAL_RATES: ENC[AES256_GCM,data://NWaSg=,iv:l1k7TLg2d4impHiGyHtVmXFBpHSK1X+MIIMEvqHmFCc=,tag:7FX96H6R+ez0corFjpzoWA==,type:str]
|
||||||
|
FIREFLY_III_LAYOUT: ENC[AES256_GCM,data:KGo=,iv:xvBorcd8fPvlGYeomuexZBtORPc7LJRII9pYP1ZNBsg=,tag:ibFX6k0a12rXElxRODc1YA==,type:str]
|
||||||
|
IS_HEROKU: ENC[AES256_GCM,data:Ffu4Sro=,iv:Q5txv1a/DcH+Utlr12zQJUBy4vlcdxcHFsNDWuWVOeU=,tag:NTay0IKz6s7a9dFpx1BZ+w==,type:str]
|
||||||
|
LOG_CHANNEL: ENC[AES256_GCM,data:Njfav/E=,iv:xwccazZYrtARU7xKooAnBKJcCDJH5xUSN0C+nIs8Pos=,tag:jI3pelMMZQQ37uuUmUmENQ==,type:str]
|
||||||
|
MAIL_FROM: ENC[AES256_GCM,data:ILVOrph55Ku8pIfsHtU8DjMuUjo=,iv:c4wzRvDugyRUbKZKq/fgQ2eP3CJ1wJzkQo89tBCZ0WU=,tag:tx2lUsnCBbYIk0h4gL/CBA==,type:str]
|
||||||
|
MAIL_MAILER: ENC[AES256_GCM,data:rdoZ,iv:NBi4YtbtTkDJHQmXBu9lGUfCWhfRgtYLI3UCayMpq2k=,tag:o+cXYLXlJ0bWVQAPr85CJA==,type:str]
|
||||||
|
MAIL_PORT: ENC[AES256_GCM,data:lffjiQ==,iv:GsZWiMZGuhpPJfX6vPcr3PKuq2YXS3oQ8v8NojufyKk=,tag:rHcfDoLZdU5wCQR4g/qV6A==,type:str]
|
||||||
|
MAILGUN_ENDPOINT: ENC[AES256_GCM,data:rrw7Rwjo//tdEyxN98pE,iv:3aeAQM4RV5hDFfZ08voXgk7IrejoM8YACluo75AmRrE=,tag:cAmTiI0vPAnY7NX+YlM6Og==,type:str]
|
||||||
|
MAP_DEFAULT_LAT: ENC[AES256_GCM,data:i8I6LaPPLFoi,iv:sG6dP5GS2G6kGXEsn8P3KJmyEThJ73WIN2gkMJwNDBA=,tag:uefjbg5pZdIIONBklcsSyw==,type:str]
|
||||||
|
MAP_DEFAULT_LONG: ENC[AES256_GCM,data:+ESO4h6cGSE=,iv:hAFNmDfc6XWnQbpLQXjUsdZSOwPu964MlFBXYsNr9O0=,tag:iXfs5Z+Ojojzp2H2u1kHxA==,type:str]
|
||||||
|
MAP_DEFAULT_ZOOM: ENC[AES256_GCM,data:zw==,iv:soYKokimSKxSS0x9nM7GcZfpXtwxjuXVls+KFh61w30=,tag:ryX2Rj1TakKRfynh7bFEtw==,type:str]
|
||||||
|
MYSQL_SSL_CAPATH: ENC[AES256_GCM,data:Mo68CXbhV7kK5ZGi5MS8,iv:pVKSl5Tu8xzZVk4FX0DIA3vpVYZ9V0RXtfkoUTYeAAU=,tag:bez1DYHFlOn5TZ/oz7F6fQ==,type:str]
|
||||||
|
MYSQL_SSL_VERIFY_SERVER_CERT: ENC[AES256_GCM,data:DT7Jow==,iv:ZEOzfc0IepdvDNo2vWanOsYAT4EGLvFnSpL8qiiOwes=,tag:eEilJ8cwgCer7H/8qpDPgg==,type:str]
|
||||||
|
MYSQL_USE_SSL: ENC[AES256_GCM,data:rsKgGpE=,iv:nEJbHiaqOvVauAtCyL6uvfmkAmgvjjSFb28L3/j1PmU=,tag:6d5whsZ30buXkc0W4+5JIg==,type:str]
|
||||||
|
PGSQL_SCHEMA: ENC[AES256_GCM,data:pmFdRyiy,iv:mYXXlj7R7T3RTuK7QNRKiY6HwCezQYaMpn6de0st+FA=,tag:xFs7kAnFuRjDVRjKyyrJOw==,type:str]
|
||||||
|
PGSQL_SSL_MODE: ENC[AES256_GCM,data:/spE//X3,iv:qCBP7fJVFixBrB1ApGti1Nq0S87RcVxpHqmPBW9GuWU=,tag:MyCEseplfPX9PNdoqGLvmw==,type:str]
|
||||||
|
QUEUE_DRIVER: ENC[AES256_GCM,data:tTmRSg==,iv:2KdDPsJ9PlyHsVsFdknC7A4cShE5bBBpRxWslF/0wgY=,tag:7QN0MlfyoDyukmAgmgQvxg==,type:str]
|
||||||
|
REDIS_CACHE_DB: ENC[AES256_GCM,data:9w==,iv:MKfWJO941vxlJ0VP/0ob9JeFnHkI+okOkd/ifxkbKTA=,tag:PyyjVTRCUSvZxpHekP9ENQ==,type:str]
|
||||||
|
REDIS_DB: ENC[AES256_GCM,data:Bw==,iv:h3v/+cO1W7eGDAGjVtgeDh8UekMg+ZvIRkNZx+iE/Es=,tag:nF143FAtE181ZJfAjtau7A==,type:str]
|
||||||
|
REDIS_HOST: ENC[AES256_GCM,data:7hVDI2P+443UGlw/jyBFmNTDBM2p,iv:sbLD+/wdDEiKYpR3ttrey6HTlI5n76trH3wZjU7s3uQ=,tag:qZP1nb9+tOr7Lm4i9HR4wg==,type:str]
|
||||||
|
REDIS_PASSWORD: ENC[AES256_GCM,data:/i9UM5Cx6h61xbDQ//ocmW1BtmT0LILnwwemOwaTTkw=,iv:FINFRW1006Ljnb1JSi+Ctae3Jw9xR5EW73Ut8FCNfHI=,tag:+6raDqY1TgQQgbkcCcbCLg==,type:str]
|
||||||
|
REDIS_PORT: ENC[AES256_GCM,data:ME1O4Q==,iv:FhqTqv645wnhhQdGW0IsemeXOlJuCKjbMa3tBw0kueI=,tag:b7TdkDklkFwE/X3lE6XZGA==,type:str]
|
||||||
|
REDIS_SCHEME: ENC[AES256_GCM,data:puE6,iv:XvOpz9QO7Fn14bbHT8L2p0HquNxIzxomN3Bg3K2NOQY=,tag:qerZcGVGKXW+YAyj6RK9Tg==,type:str]
|
||||||
|
SEND_ERROR_MESSAGE: ENC[AES256_GCM,data:9xoXVw==,iv:m20IvyDsNzw7v3U8Ai34MhhxrIUGnU3OK9LHwZAdlJo=,tag:BgrhqBiqc9RYo9EzOCvSsw==,type:str]
|
||||||
|
SEND_REPORT_JOURNALS: ENC[AES256_GCM,data:+ErZjA==,iv:dcrc2+U7MoSBQ3b7w2qe0wIb50AbLDQ8/N9TK03ub5o=,tag:ub6+5g77qZxq8IjxDmk7og==,type:str]
|
||||||
|
SESSION_DRIVER: ENC[AES256_GCM,data:QlF9bSQ=,iv:I1cjDE4EFVG166ISZaNuM0eFMs6U55y7LUl2cVIONrI=,tag:VxKEC67A3Y0IRNKJ/nZV0g==,type:str]
|
||||||
|
SITE_OWNER: ENC[AES256_GCM,data:KbzTQ/QdlMmxnSDr1mCo4EG9,iv:287MEAzZFE3+zp3bWWA5Y2u3w7iQH+7AAZ812I4Elx0=,tag:TlljmsgLww7EJIBMdDrKvA==,type:str]
|
||||||
|
TRUSTED_PROXIES: ENC[AES256_GCM,data:cAU=,iv:MBL/z8pmM2CxlDT1sY4my2gC3jsDo6O1NSa11w3en5U=,tag:zqzHOR69HT3+U7tQOFQQSw==,type:str]
|
||||||
|
TZ: ENC[AES256_GCM,data:45gLKxH0OsAfMPkgnjKgWQ==,iv:P9CUovVI4WSfZi1nyFHVzHJ7Oioai1FUZRcgBNhQb64=,tag:S7IF8Oxg7hYNcT0mcgkg7Q==,type:str]
|
||||||
|
STATIC_CRON_TOKEN: ENC[AES256_GCM,data:1xck+8s3ifQmregeKU6891pErxZy86fO0I6XPE83l3o=,iv:XSsCSJkkGwG12f2lhd6IDl07OLVCW8J/945acFP99lA=,tag:XNxSQGyHvR/6/A3EVT69gg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age: []
|
||||||
|
lastmodified: "2023-06-17T19:05:29Z"
|
||||||
|
mac: ENC[AES256_GCM,data:GWtQz5/wKpk38ZYLwn+kGyCT8hFo2SmoaI9vuEFju6N9ipJW1MNQONqTx/Qa8Cje8pT7xIxdoTf+23PaFG91v/gcilMCYjE+OFnVBk80d6ZBTXiSmoQ0DYO3hWiXyMfXTJ1OPqExOkY09QSAfXOrN0JphnWpPNZnaVuxMJZS/Og=,iv:/QbEi6hhsPpeSa5bOxPObP8UUpAwA/I6wU8VXQ6NcOc=,tag:FYYj1y/zTl82SVva0oauuA==,type:str]
|
||||||
|
pgp:
|
||||||
|
- created_at: "2023-06-19T18:36:01Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAzKleRwoSoixAQ//So248m5bmfJG0gp5ZIAK2dVhH44xEg/6yzZ6TC9W4px2
|
||||||
|
SPqB+gmwswX64NGcGZQ8LQZExyy2poxh7lfQHIdsv2QSTbf0vmOZqG9L7Fv/DSU0
|
||||||
|
EnUpt04K1yyVyW09tlcE/SIyMy9HhWyH0vZfwqHc/pHnaAhZKEuBH+kFiNPz4Bfd
|
||||||
|
xtXeieOGYV9ois2vM2NFNohEagrkbpMb8ZEOrWlB8+ZJZhkIeNc2kA+w0n0TEEtR
|
||||||
|
WefrBwear6YloK89hEfWRdJYksfKvOsU7U+L6MKpMxqGBIpLIV5kTifRAt8pdrNX
|
||||||
|
m7MY/laTWcqTp1VXUMZQUq+tCa/jjIh4MDvmzGcrRfhSLDvkFz8W43yHvy/hTKgc
|
||||||
|
nes55vhrWK9ABcZ5sZ3xdfH3ys3tODUsUkaLALaCbXUdg15cQRwvdNkgHou/oY26
|
||||||
|
jAc38EpeBEtIpkH+nBHLgbflFkElqOcpcS/5OR4mL0dGQ0EhhYTzxES+jcVYg9ka
|
||||||
|
Na163uPvhNnFNMUACKsDU/u2WngU8B5ISjlsiX9EkbKqDgHrLSJywKcoYESgnU/K
|
||||||
|
q+24HIFH8cmghRYJZ7SXDahsEw8VrcqQEWTSMM4YnwJeBZH9pjeUK6RySLHxK9F7
|
||||||
|
rK2djzc6so2Lk/AhYot9FNNwXWqrBKQq7kjFF8Mr6ALydZgst/tSBPtpTxpADZDU
|
||||||
|
aAEJAhDuDefWmaUMfyK+B21JoUTJtAp1icQZrIFg+mTH+qDWPXdpM1qsaci59aq/
|
||||||
|
vkML3TwjiytUNRMVORlLPv2z8adUuXIgPx8yEclTxCDKM3bqIfVs1xj2GAItyO4K
|
||||||
|
XYBV8oIdHegO
|
||||||
|
=GI4b
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 2CC2B3631D5C3393901335DB68F95C5D753EE1E5
|
||||||
|
- created_at: "2023-06-19T18:36:01Z"
|
||||||
|
enc: |
|
||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hQIMAy5t8IMoPu4VARAApwoZ01GS0soprXAf20Ye1XQVLIFvIuYjub01ibNZmb3m
|
||||||
|
uJiPyClzMqcjy6TKWvCc6sT1W5DQ3aY9E1ARhgwR/yaIZ31WvNcnLczaOACHPlaW
|
||||||
|
7e4o9tauN8CYpQqPmTxDyQehKe1EbWqq+63FRAUV0+9qEY/ACCwNtv1HCa2dgyto
|
||||||
|
0I6v/BmW+KJ10iGCsRv8g5IgPSjYT66a2fsDg24kjtqygHwZ5BPe6xUBJ7zxCmVT
|
||||||
|
z/3WKaNx5Rdv8l45QQcl2fe1qNNdljJNgowCq23uODcQPJPGEY4wOeYHOlGTKE+E
|
||||||
|
JojnysVUhILhZtTZ5/AcP36RCzMDGQX7wYtvwh6bgf4qf4InX8+O/WK3u+jOreUl
|
||||||
|
zbcy/lB7bsQ0usZNPsfy2Qh2LPlziBce9JtkPnWXBwS+lZUCXKDS8pizmj7DZnlo
|
||||||
|
+3L1f26rn21ye/iOyBArzVmqI4QLJzHJI7l6TZgvvv1dZKHyLW5jCHSq4f098roO
|
||||||
|
kIKxRThFvTZ9jqM7uDYGiAsGt1L7p+HJRY5WdAVGEaL8jWADW7jjF8qTF3BJ05A9
|
||||||
|
OgnRxIew6ofB5WeYSrU5dn5di6pTNI6bqHVHbZf3BTrGwdpqsAcniUtDM1FAdU/4
|
||||||
|
QtB7tXNAYV+ZTDez/MMm7l1xKS6FpPbM5ZUtrcv27I51e2HAyYSsj6FNWWyvXEbU
|
||||||
|
aAEJAhCfDkAnvink2rBria46BR0IPWSLaVEpnusa/OED/Xw4EEgiFq3XonPTHaqG
|
||||||
|
iXSfeD0XauMxpLan+YesEv9SRP3ef9iX5OGNwVPpIDlkOyUztBWtf3I7tP2LCf2p
|
||||||
|
/GKlxeQfAlpx
|
||||||
|
=zWYo
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
|
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
||||||
|
encrypted_regex: ^(data|stringData)$
|
||||||
|
version: 3.7.3
|
|
@ -60,7 +60,8 @@ spec:
|
||||||
port: http
|
port: http
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
uploads:
|
firefly-uploads:
|
||||||
existingClaim: fireflyiii
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/fireflyiii-uploads
|
||||||
globalMounts:
|
globalMounts:
|
||||||
- path: /var/www/html/storage/upload
|
- path: /var/www/html/storage/upload
|
|
@ -1,32 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app fireflyiii
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
targetNamespace: default
|
|
||||||
path: ./kubernetes/main/apps/default/fireflyiii/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
- name: volsync
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
||||||
substitute:
|
|
||||||
APP: *app
|
|
||||||
VOLSYNC_CAPACITY: 5Gi
|
|
|
@ -1,7 +1,6 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ../../../../../common/templates/volsync
|
|
||||||
- ./env-secret.sops.yaml
|
- ./env-secret.sops.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./daily-cronjob.yaml
|
- ./daily-cronjob.yaml
|
|
@ -38,13 +38,13 @@ spec:
|
||||||
|
|
||||||
env:
|
env:
|
||||||
- name: PUID
|
- name: PUID
|
||||||
value: 10555
|
value: 555
|
||||||
- name: PGID
|
- name: PGID
|
||||||
value: 10555
|
value: 555
|
||||||
- name: TZ
|
- name: TZ
|
||||||
value: "America/New_York" # Set to your timezone
|
value: "America/New_York" # Set to your timezone
|
||||||
- name: DB_HOST
|
- name: DB_HOST
|
||||||
value: "postgres16-rw.database.svc"
|
value: "postgresql.database"
|
||||||
- name: DB_PORT
|
- name: DB_PORT
|
||||||
value: "5432"
|
value: "5432"
|
||||||
- name: DB_USER
|
- name: DB_USER
|
||||||
|
|
|
@ -38,7 +38,7 @@ spec:
|
||||||
name: ganymede-env
|
name: ganymede-env
|
||||||
key: dbPassword
|
key: dbPassword
|
||||||
- name: POSTGRES_SEEDS # postgres hostname, idk why its called SEEDS
|
- name: POSTGRES_SEEDS # postgres hostname, idk why its called SEEDS
|
||||||
value: postgres16-rw.database.svc
|
value: postgresql.database
|
||||||
|
|
||||||
service:
|
service:
|
||||||
app:
|
app:
|
||||||
|
|
|
@ -38,7 +38,7 @@ spec:
|
||||||
|
|
||||||
env:
|
env:
|
||||||
DATABASE_ADAPTER: postgresql
|
DATABASE_ADAPTER: postgresql
|
||||||
DATABASE_HOST: postgres16-rw.database.svc
|
DATABASE_HOST: postgresql.database
|
||||||
DATABASE_PORT: 5432
|
DATABASE_PORT: 5432
|
||||||
|
|
||||||
DATABASE_NAME: huginn
|
DATABASE_NAME: huginn
|
||||||
|
|
|
@ -1,13 +1,13 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./fireflyiii/ks.yaml
|
- ./fireflyiii
|
||||||
- ./cdn
|
- ./cdn
|
||||||
- ./trilium/ks.yaml
|
- ./trilium
|
||||||
- ./mealie/ks.yaml
|
- ./mealie
|
||||||
- ./huginn
|
- ./huginn
|
||||||
- ../../../common/apps/exim/ks.yaml
|
- ../../../common/apps/exim/ks.yaml
|
||||||
- ./well-known-site
|
- ./well-known-site
|
||||||
- ./dendrite/ks.yaml
|
- ./dendrite
|
||||||
- ./ganymede
|
- ./ganymede
|
||||||
- ./piwigo/ks.yaml
|
- ./piwigo
|
|
@ -46,7 +46,7 @@ spec:
|
||||||
POSTGRES_USER: mealie
|
POSTGRES_USER: mealie
|
||||||
# specified in mealie-env
|
# specified in mealie-env
|
||||||
# POSTGRES_PASSWORD
|
# POSTGRES_PASSWORD
|
||||||
POSTGRES_SERVER: postgres16-rw.database.svc
|
POSTGRES_SERVER: postgresql.database
|
||||||
POSTGRES_PORT: 5432
|
POSTGRES_PORT: 5432
|
||||||
POSTGRES_DB: mealie
|
POSTGRES_DB: mealie
|
||||||
|
|
||||||
|
@ -92,6 +92,7 @@ spec:
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
data:
|
data:
|
||||||
existingClaim: mealie
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/Mealie
|
||||||
globalMounts:
|
globalMounts:
|
||||||
- path: /app/data
|
- path: /app/data
|
|
@ -1,32 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app mealie
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
targetNamespace: default
|
|
||||||
path: ./kubernetes/main/apps/default/mealie/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
- name: volsync
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
||||||
substitute:
|
|
||||||
APP: *app
|
|
||||||
VOLSYNC_CAPACITY: 5Gi
|
|
|
@ -1,6 +1,5 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ../../../../../common/templates/volsync
|
|
||||||
- ./env-secret.sops.yaml
|
- ./env-secret.sops.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -61,10 +61,14 @@ spec:
|
||||||
port: http
|
port: http
|
||||||
|
|
||||||
persistence:
|
persistence:
|
||||||
data:
|
config:
|
||||||
existingClaim: piwigo
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/piwigo/config
|
||||||
globalMounts:
|
globalMounts:
|
||||||
- path: /config
|
- path: /config
|
||||||
subPath: config
|
|
||||||
|
gallery:
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/piwigo/gallery
|
||||||
|
globalMounts:
|
||||||
- path: /gallery
|
- path: /gallery
|
||||||
subPath: gallery
|
|
|
@ -1,32 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app piwigo
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
targetNamespace: default
|
|
||||||
path: ./kubernetes/main/apps/default/piwigo/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
- name: volsync
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
||||||
substitute:
|
|
||||||
APP: *app
|
|
||||||
VOLSYNC_CAPACITY: 10Gi
|
|
|
@ -1,5 +1,4 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./helm-repo.yaml
|
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -1,61 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2beta2.schema.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: trilium
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: app-template
|
|
||||||
version: 3.4.0
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: bjws-charts
|
|
||||||
namespace: flux-system
|
|
||||||
|
|
||||||
values:
|
|
||||||
controllers:
|
|
||||||
main:
|
|
||||||
containers:
|
|
||||||
main:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/zadam/trilium
|
|
||||||
tag: 0.63.7
|
|
||||||
env:
|
|
||||||
TRILIUM_PORT: &port 8080
|
|
||||||
service:
|
|
||||||
app:
|
|
||||||
controller: main
|
|
||||||
ports:
|
|
||||||
http:
|
|
||||||
port: *port
|
|
||||||
ingress:
|
|
||||||
main:
|
|
||||||
annotations:
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
||||||
hosts:
|
|
||||||
- host: "notes.${SECRET_NEW_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
service:
|
|
||||||
identifier: app
|
|
||||||
port: http
|
|
||||||
persistence:
|
|
||||||
data:
|
|
||||||
existingClaim: trilium
|
|
||||||
globalMounts:
|
|
||||||
- path: /home/node/trilium-data
|
|
||||||
temp:
|
|
||||||
type: persistentVolumeClaim
|
|
||||||
storageClass: openebs-zfs-mainpool
|
|
||||||
accessMode: ReadWriteOnce
|
|
||||||
size: 2G
|
|
||||||
globalMounts:
|
|
||||||
- path: /home/node/trilium-data/log
|
|
||||||
subPath: log
|
|
||||||
- path: /home/node/trilium-data/sessions
|
|
||||||
subPath: sessions
|
|
||||||
- path: /home/node/trilium-data/backup
|
|
||||||
subPath: backup
|
|
|
@ -1,5 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
- ../../../../../common/templates/volsync
|
|
||||||
- ./helm-release.yaml
|
|
|
@ -0,0 +1,50 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: trilium
|
||||||
|
namespace: default
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/zadam/trilium
|
||||||
|
tag: 0.63.7
|
||||||
|
|
||||||
|
env:
|
||||||
|
TRILIUM_PORT: &port 8080
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: *port
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
hosts:
|
||||||
|
- host: &host "notes.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/trilium
|
||||||
|
mountPath: /home/node/trilium-data
|
|
@ -1,32 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app trilium
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
targetNamespace: default
|
|
||||||
path: ./kubernetes/main/apps/default/trilium/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
- name: volsync
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
||||||
substitute:
|
|
||||||
APP: *app
|
|
||||||
VOLSYNC_CAPACITY: 5Gi
|
|
|
@ -1,5 +1,4 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./helm-repo.yaml
|
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
|
@ -259,7 +259,7 @@ spec:
|
||||||
externalDatabase:
|
externalDatabase:
|
||||||
type: postgres
|
type: postgres
|
||||||
|
|
||||||
host: postgres16-rw.database.svc
|
host: postgresql.database
|
||||||
port: 5432
|
port: 5432
|
||||||
|
|
||||||
## the schema which will contain the airflow tables
|
## the schema which will contain the airflow tables
|
||||||
|
|
|
@ -5,8 +5,8 @@ resources:
|
||||||
#- ./network_policy.yaml
|
#- ./network_policy.yaml
|
||||||
- ./qbittorrent
|
- ./qbittorrent
|
||||||
- ./qbit-manage
|
- ./qbit-manage
|
||||||
- ./radarr/ks.yaml
|
- ./radarr
|
||||||
- ./sonarr/ks.yaml
|
- ./sonarr
|
||||||
- ./prowlarr
|
- ./prowlarr
|
||||||
- ./bazarr
|
- ./bazarr
|
||||||
- ./readarr
|
- ./readarr
|
||||||
|
|
|
@ -2,5 +2,5 @@ apiVersion: v1
|
||||||
kind: Namespace
|
kind: Namespace
|
||||||
metadata:
|
metadata:
|
||||||
name: download
|
name: download
|
||||||
annotations:
|
labels:
|
||||||
volsync.backube/privileged-movers: "true"
|
name: download
|
|
@ -1,148 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: radarr
|
|
||||||
namespace: download
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: app-template
|
|
||||||
version: 3.4.0
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: bjws-charts
|
|
||||||
namespace: flux-system
|
|
||||||
|
|
||||||
values:
|
|
||||||
controllers:
|
|
||||||
radarr:
|
|
||||||
initContainers:
|
|
||||||
init-db:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/onedr0p/postgres-init
|
|
||||||
tag: 16
|
|
||||||
env:
|
|
||||||
INIT_POSTGRES_DBNAME: &dbName radarr_main
|
|
||||||
INIT_POSTGRES_HOST: &dbHost postgres16-rw.database.svc
|
|
||||||
INIT_POSTGRES_PORT: &dbPort "5432"
|
|
||||||
envFrom: &envFrom
|
|
||||||
- secretRef:
|
|
||||||
name: radarr-secret
|
|
||||||
|
|
||||||
containers:
|
|
||||||
app:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/onedr0p/radarr-develop
|
|
||||||
tag: 5.12.0.9255
|
|
||||||
envFrom: *envFrom
|
|
||||||
env:
|
|
||||||
TZ: America/New_York
|
|
||||||
RADARR__APP__INSTANCENAME: Radarr
|
|
||||||
RADARR__APP__THEME: dark
|
|
||||||
RADARR__AUTH__METHOD: External
|
|
||||||
RADARR__AUTH__REQUIRED: DisabledForLocalAddresses
|
|
||||||
RADARR__LOG__DBENABLED: "False"
|
|
||||||
RADARR__LOG__LEVEL: info
|
|
||||||
RADARR__POSTGRES__HOST: *dbHost
|
|
||||||
RADARR__POSTGRES__PORT: *dbPort
|
|
||||||
RADARR__POSTGRES__MAINDB: *dbName
|
|
||||||
RADARR__SERVER__PORT: &port 7878
|
|
||||||
RADARR__UPDATE__BRANCH: develop
|
|
||||||
probes:
|
|
||||||
liveness: &probes
|
|
||||||
enabled: true
|
|
||||||
custom: true
|
|
||||||
spec:
|
|
||||||
httpGet:
|
|
||||||
path: /ping
|
|
||||||
port: *port
|
|
||||||
initialDelaySeconds: 0
|
|
||||||
periodSeconds: 10
|
|
||||||
timeoutSeconds: 1
|
|
||||||
failureThreshold: 3
|
|
||||||
readiness: *probes
|
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
capabilities: { drop: ["ALL"] }
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: 100Mi
|
|
||||||
limits:
|
|
||||||
memory: 4Gi
|
|
||||||
|
|
||||||
exportarr:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/onedr0p/exportarr
|
|
||||||
tag: v2.0.1
|
|
||||||
args:
|
|
||||||
- radarr
|
|
||||||
env:
|
|
||||||
- name: URL
|
|
||||||
value: "http://localhost"
|
|
||||||
- name: PORT
|
|
||||||
value: &metricsPort 9000
|
|
||||||
- name: ENABLE_ADDITIONAL_METRICS
|
|
||||||
value: "true"
|
|
||||||
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
|
|
||||||
value: "true"
|
|
||||||
- name: API_KEY
|
|
||||||
secretKeyRef:
|
|
||||||
name: radarr-secret
|
|
||||||
key: RADARR__AUTH__APIKEY
|
|
||||||
defaultPodOptions:
|
|
||||||
securityContext:
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 10000
|
|
||||||
runAsGroup: 10000
|
|
||||||
fsGroup: 10000
|
|
||||||
fsGroupChangePolicy: OnRootMismatch
|
|
||||||
|
|
||||||
service:
|
|
||||||
app:
|
|
||||||
controller: radarr
|
|
||||||
|
|
||||||
ports:
|
|
||||||
http:
|
|
||||||
port: *port
|
|
||||||
metrics:
|
|
||||||
port: *metricsPort
|
|
||||||
protocol: HTTP
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
app:
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
|
||||||
|
|
||||||
hosts:
|
|
||||||
- host: "radarr.${SECRET_NEW_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
service:
|
|
||||||
identifier: app
|
|
||||||
port: http
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
config:
|
|
||||||
#type: hostPath
|
|
||||||
#hostPath: /mnt/MainPool/Kubernetes/radarr
|
|
||||||
existingClaim: radarr
|
|
||||||
globalMounts:
|
|
||||||
- path: /config
|
|
||||||
# main: # controller name
|
|
||||||
# radarr: # container name
|
|
||||||
# - path: /config
|
|
||||||
# exportarr:
|
|
||||||
# - path: /config
|
|
||||||
# readOnly: true
|
|
||||||
storage:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /mnt/MainPool/Media
|
|
||||||
advancedMounts:
|
|
||||||
radarr: # controller name
|
|
||||||
app: # container name
|
|
||||||
- path: /storage
|
|
|
@ -1,8 +0,0 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
||||||
kind: Kustomization
|
|
||||||
resources:
|
|
||||||
#- ../../../../../common/templates/volsync
|
|
||||||
- ./pvc.yaml
|
|
||||||
- ./secret.sops.yaml
|
|
||||||
- ./helm-release.yaml
|
|
||||||
- ./radarr-exportarr-metrics.yaml
|
|
|
@ -1,10 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: radarr
|
|
||||||
spec:
|
|
||||||
accessModes: ["ReadWriteOnce"]
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 15Gi
|
|
||||||
storageClassName: openebs-zfs-mainpool
|
|
|
@ -1,76 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: radarr-secret
|
|
||||||
namespace: download
|
|
||||||
stringData:
|
|
||||||
RADARR__AUTH__APIKEY: ENC[AES256_GCM,data:4YjKtZCtMpQbH4UekHNAJo8XCHQsFzk/VC4dFQqwq60=,iv:D+LyeryyOEfAsecY3dI5jL2WVoKYXh5KKbr+nOzwjP8=,tag:1XTPGSADTN8ajqeabDnewA==,type:str]
|
|
||||||
RADARR__POSTGRES__USER: ENC[AES256_GCM,data:G+8/0CJN,iv:fxHLk5YPz2sC2GQ8TCvJskpjo8A0FlwwyvCgfQx+stI=,tag:S1z679b57weJNa5CJ+UCug==,type:str]
|
|
||||||
RADARR__POSTGRES__PASSWORD: ENC[AES256_GCM,data:bc5CDUJgEG2BQN33Jd39xLfSzjmgEoy17kcGXGhJR3A=,iv:i9rx+uLRC6oRyCk08TaxMUJWZYM28sC0+86cg6/HUd0=,tag:H6fQnNYhZCE9gEbOfAn0YA==,type:str]
|
|
||||||
INIT_POSTGRES_USER: ENC[AES256_GCM,data:9TuuqOuW,iv:HPPBvVxAxEdF3dT4GChiuH5QUOyZF/zatwTBcvsiZpM=,tag:1gqQynXybB92MS5fBD5rzA==,type:str]
|
|
||||||
INIT_POSTGRES_PASS: ENC[AES256_GCM,data:LUpXvIhljefhWr9oWaI9EE1pSVDIwfx3aRykLmLV7vo=,iv:puMPzgBnNiwPeGCN4yncOBHTBkVFcZQHo240/oDhVPs=,tag:kXW1Zz6vLAnp2TWRt61r/Q==,type:str]
|
|
||||||
INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:MJ3bEXMPjDGc9VC96H9tAwrXqx9ufgCuC53862faGGQ=,iv:/KnIW8x0s07KHtX2/+S7KxTkjD1U3M2dhrOdqTrIgMo=,tag:tlrLFcSYURIIFiH1q6awBQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2024-10-16T01:04:26Z"
|
|
||||||
mac: ENC[AES256_GCM,data:GJWny77+79pyRm/wGJtnlpJEaxZVvisiyTwHfUkymE1WKtKRuWFTuwag6aV0N6gIxtH4ko69ciNGgbanVaxpQ1LvS5YYk+xhIUp3AzPF/FWb7orQnOcirXDO7n5QWBl6fiE0TUiUSJ9usZXH/RsSCG+F11LWJP2sI7OXhAxIsz8=,iv:qj5JsEGYx2OMfQEmCxdVWv/5LrhPZH3CVD+iiO1Ruok=,tag:0QMsaIqvJ+V53rIGXeTpIQ==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2024-10-16T01:04:26Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAARAAlVvZKk+zcf+j22YM0ZwYIAKlNWbQcL6oODPpQ1BN80by
|
|
||||||
NiTFc88i8cDOh3AySWOYVVKB5v9UcYPWqw212uvEleyvb3UlHPrn/8XmWzUaLOyP
|
|
||||||
AfPXuPTBvFp3LvsbSXSvHRJok2EzF9vf7jv6wx1be+EObcwibUBN3FIdey/lB1fH
|
|
||||||
Ja/X25aotqkheoM/0QAQb3jL4w95LjiY0EdaGE0RZcRJY4AHqGNyMv07Hquu7GRN
|
|
||||||
17B+DfOKUg61eJ0aTX0LdCGwjr1HGvg694SujSzeivkAHFQgu7zuqg4J7BfxSKrT
|
|
||||||
tEjnSuXzjVs/zedLBt4xhNNki3gttQz1duQL8VvvK2V60sbu5HwvVHo19qxf++Zm
|
|
||||||
7GhYtv0R8DstQ/9DcXVbst67y11ilGbJyvITfci/TAwJm8undukwFjXwlvK6lJOa
|
|
||||||
hIili789G0Djfznw5rJXbjgAHACD7mMgvV32Ii5t4dG8Bn/GEwyS5+C70vy0LZPZ
|
|
||||||
lQXmR50d15SAyNEDWmfSG9Me7mfn4d59FrtMIQkKdvDVRdCWRN8cqUTRuteq1ERz
|
|
||||||
dngXwSzf55fabOvAQohFgDwvIOHnhAazimjrx235g39HMNtlkFvMCU0J8lux50iI
|
|
||||||
zy1jvzpB8f31iFal/ylDTJNR4g3DhzphHRaD97AqVCxjPRTQbTsU3KEYEZWhndaF
|
|
||||||
AgwDAAAAAAAAAAABD/9hwr+yVE4VuefE5qfqNY6yAodeZxlsYXluTsBMli+Hbu1z
|
|
||||||
Jsyd2TlMBjuA/4st8fjZl+wBdTbiMcFoZ2hRnAzIuJvPapoeZM9nB3w3jHV8g+UJ
|
|
||||||
rtgq0cuM969o+TKa7dzmeg2fVZ7OsKVe4ZwM26c7WjhWrFo4SMd2D91bc+op0A25
|
|
||||||
ouEigbsvIUHzCws3IOf8gmAZs60zRo3CP8rafhmhyoGXOrh6vQWby8I/JMkvuf4F
|
|
||||||
bAuwAsUqFdIDwH65DI6zsPuaD8SJ00FVLqliQB/kbbhz0K7no49jJZuJlGJ/9GjU
|
|
||||||
gFPOFJzWUT09hdvd7zOVXO4xmo87Zx+H08lb+VC7GMf7REjbrLISgZPJqY4N9gff
|
|
||||||
hVetnOErlQgTEv8ZJUn228ndtR9s9L17v+lsO+a7XRQW3i1aAcHBED7nZEoN5b0Y
|
|
||||||
k5EJOMOAxxEVmT3aMNEkC7O+X9Ojxxxja1qBFDQu59QTwCagb1nRtPaXnSZ2wDoc
|
|
||||||
S1QBxHPGK0vIw6hCJTXkWAqKQpQx/gBvEuMQsyO8Vzg/9tbX6lBxVHZIpBzl689R
|
|
||||||
Csu3WlMJbscqL0FjPKjNo2unUE7epGBvr0vcQJ76bvmCNHlb2xLhy+AiXtHTVhuA
|
|
||||||
abC9tNwOTxJbpxIhBIJPidotOcvX6pCZlmVOd5Hrec+VUWG8SWVH8/gm9ixCztRm
|
|
||||||
AQkCEMHFPeChsZuPd8ZYGHT2EDhkgO7Fc+DqPIb78yYsBsnEFQGVRHcnXvmfMvyZ
|
|
||||||
jHqDqkVoYUlPsssMIJhGZOlLhgoiVEiePZ1DrBAKkhctB+vtVLhwuJddh6tdZelh
|
|
||||||
1FJKtdR4
|
|
||||||
=CkVe
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
|
||||||
- created_at: "2024-10-16T01:04:26Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAARAAmXUF7aBFkVd9j4dHGVsR53c9EVJOv/dx0ZnAjOLvw71r
|
|
||||||
9n+T412OAxqABUnmS0nOOSaESYRMvNwaCyx5NJBAF2VrWlwFFCVSB4pXzkPHzLA1
|
|
||||||
8lscA99wFMYN9DQByaPTneBV6W+LDu6LKj/O7A7FZfuomaNNtmJ+iITVLp2NKDcY
|
|
||||||
575hmVGiQDC2I+gxx2TeSjCYJpNDZW18AuY9Z9zeQzKGbfj2541o4BZ8kgs+NUo/
|
|
||||||
CnwXwVIPbIr2nW1jqlXmCusTQhyZ78wOf2TbBn/Qm4hBJZTpxKKJyTKJBpF1olyV
|
|
||||||
usnLiMwZkSLCHVb7AzzVfXQGIiiuKF3wpy7kfAq86PpCW9JP0h8sdjyK/8wbeE2x
|
|
||||||
w/EhilfNFEtMiyD38KSFJ/gf0l9Vy+GkzHcq6LjxBPIIFSe6x6EIWge6GScQJ0pd
|
|
||||||
1wAzNIXswYzUkRIyVUuzCdLSRUVzaqh6ICixu7PQVhlQeAbZ6uvBxP2vDfxGJE+E
|
|
||||||
HNJhwTSDXgwY/mibNpKLsoduaN28FfWRdRk1hCTHNo7vcmN4xp0vtbZdAAyRgU4F
|
|
||||||
fzINAG9ep484SIPUCIho6qI0pfC9DETpo0OLh2KddLAT0gAu8XgLTH2KYNSd7UEy
|
|
||||||
euxrZtLQIx7cGExdXFBcGHIPdXolZPESvSUZ/UuF7sQewjDS5ReyBoYisux1YwfU
|
|
||||||
ZgEJAhC779UuniZgT7WYra3v2u2JkBhCy29GIc5EW4dH9n2KoK9MfbIIxbDC599r
|
|
||||||
SUbvN8RV226CLfD8rJz9dNYrygEXGyrTTkBLHC76ru5inj3g7DN3HaJPrWPMVpTq
|
|
||||||
rVs3c98SBQ==
|
|
||||||
=UOM9
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.9.1
|
|
|
@ -0,0 +1,119 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: radarr
|
||||||
|
namespace: download
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/onedr0p/radarr-develop
|
||||||
|
tag: "5.12.0.9255"
|
||||||
|
|
||||||
|
# Metrics sidecar
|
||||||
|
sidecars:
|
||||||
|
exportarr:
|
||||||
|
image: ghcr.io/onedr0p/exportarr:v2.0.1
|
||||||
|
args:
|
||||||
|
- radarr
|
||||||
|
ports:
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 9000
|
||||||
|
env:
|
||||||
|
- name: URL
|
||||||
|
value: "http://localhost"
|
||||||
|
- name: CONFIG
|
||||||
|
value: "/config/config.xml"
|
||||||
|
- name: PORT
|
||||||
|
value: 9000
|
||||||
|
- name: ENABLE_ADDITIONAL_METRICS
|
||||||
|
value: "true"
|
||||||
|
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
|
||||||
|
value: "true"
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /config
|
||||||
|
readOnly: true
|
||||||
|
|
||||||
|
env:
|
||||||
|
TZ: America/New_York
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
labels:
|
||||||
|
app: radarr-service
|
||||||
|
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 7878
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: 9000
|
||||||
|
protocol: HTTP
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: false
|
||||||
|
# custom: true
|
||||||
|
# spec:
|
||||||
|
# httpGet:
|
||||||
|
# path: /ping
|
||||||
|
# port: 7878
|
||||||
|
# initialDelaySeconds: 10
|
||||||
|
# periodSeconds: 10
|
||||||
|
# timeoutSeconds: 3
|
||||||
|
# failureThreshold: 3
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: &host "radarr.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/radarr
|
||||||
|
mountPath: /config
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Media
|
||||||
|
mountPath: /storage
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10000
|
||||||
|
runAsGroup: 10000
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 1m
|
||||||
|
memory: 350Mi
|
||||||
|
limits:
|
||||||
|
memory: 1500Mi
|
|
@ -1,31 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: &app radarr
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
targetNamespace: download
|
|
||||||
path: ./kubernetes/main/apps/download/radarr/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
||||||
substitute:
|
|
||||||
APP: *app
|
|
||||||
VOLSYNC_CAPACITY: 15Gi
|
|
|
@ -1,7 +1,5 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ./namespace.yaml
|
|
||||||
- ./helm-repository.yaml
|
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./monitoring-helm-release.yaml
|
- ./radarr-exportarr-metrics.yaml
|
|
@ -1,142 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: sonarr
|
|
||||||
namespace: download
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: app-template
|
|
||||||
version: 3.4.0
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: bjws-charts
|
|
||||||
namespace: flux-system
|
|
||||||
|
|
||||||
values:
|
|
||||||
controllers:
|
|
||||||
sonarr:
|
|
||||||
initContainers:
|
|
||||||
init-db:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/onedr0p/postgres-init
|
|
||||||
tag: 16
|
|
||||||
env:
|
|
||||||
INIT_POSTGRES_DBNAME: &dbName sonarr_main
|
|
||||||
INIT_POSTGRES_HOST: &dbHost postgres16-rw.database.svc
|
|
||||||
INIT_POSTGRES_PORT: &dbPort "5432"
|
|
||||||
envFrom: &envFrom
|
|
||||||
- secretRef:
|
|
||||||
name: sonarr-secret
|
|
||||||
|
|
||||||
containers:
|
|
||||||
app:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/onedr0p/sonarr-develop
|
|
||||||
tag: 4.0.9.2457
|
|
||||||
envFrom: *envFrom
|
|
||||||
env:
|
|
||||||
TZ: America/New_York
|
|
||||||
SONARR__APP__INSTANCENAME: Sonarr
|
|
||||||
SONARR__APP__THEME: dark
|
|
||||||
SONARR__AUTH__METHOD: External
|
|
||||||
SONARR__AUTH__REQUIRED: DisabledForLocalAddresses
|
|
||||||
SONARR__LOG__DBENABLED: "False"
|
|
||||||
SONARR__LOG__LEVEL: info
|
|
||||||
SONARR__POSTGRES__HOST: *dbHost
|
|
||||||
SONARR__POSTGRES__PORT: *dbPort
|
|
||||||
SONARR__POSTGRES__MAINDB: *dbName
|
|
||||||
SONARR__SERVER__PORT: &port 8989
|
|
||||||
SONARR__UPDATE__BRANCH: develop
|
|
||||||
|
|
||||||
probes:
|
|
||||||
liveness: &probes
|
|
||||||
enabled: true
|
|
||||||
custom: true
|
|
||||||
spec:
|
|
||||||
httpGet:
|
|
||||||
path: /ping
|
|
||||||
port: *port
|
|
||||||
initialDelaySeconds: 0
|
|
||||||
periodSeconds: 10
|
|
||||||
timeoutSeconds: 1
|
|
||||||
failureThreshold: 3
|
|
||||||
readiness: *probes
|
|
||||||
securityContext:
|
|
||||||
allowPrivilegeEscalation: false
|
|
||||||
readOnlyRootFilesystem: true
|
|
||||||
capabilities: { drop: ["ALL"] }
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
memory: 100Mi
|
|
||||||
limits:
|
|
||||||
memory: 4Gi
|
|
||||||
|
|
||||||
exportarr:
|
|
||||||
image:
|
|
||||||
repository: ghcr.io/onedr0p/exportarr
|
|
||||||
tag: v2.0.1
|
|
||||||
args:
|
|
||||||
- sonarr
|
|
||||||
env:
|
|
||||||
- name: URL
|
|
||||||
value: "http://localhost"
|
|
||||||
- name: PORT
|
|
||||||
value: &metricsPort 9000
|
|
||||||
- name: ENABLE_ADDITIONAL_METRICS
|
|
||||||
value: "true"
|
|
||||||
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
|
|
||||||
value: "true"
|
|
||||||
- name: API_KEY
|
|
||||||
secretKeyRef:
|
|
||||||
name: sonarr-secret
|
|
||||||
key: SONARR__AUTH__APIKEY
|
|
||||||
|
|
||||||
defaultPodOptions:
|
|
||||||
securityContext:
|
|
||||||
runAsNonRoot: true
|
|
||||||
runAsUser: 10000
|
|
||||||
runAsGroup: 10000
|
|
||||||
fsGroup: 10000
|
|
||||||
fsGroupChangePolicy: OnRootMismatch
|
|
||||||
|
|
||||||
service:
|
|
||||||
app:
|
|
||||||
controller: sonarr
|
|
||||||
|
|
||||||
ports:
|
|
||||||
http:
|
|
||||||
port: *port
|
|
||||||
metrics:
|
|
||||||
port: *metricsPort
|
|
||||||
protocol: HTTP
|
|
||||||
|
|
||||||
ingress:
|
|
||||||
app:
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/cluster-issuer: letsencrypt-production
|
|
||||||
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
|
||||||
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
|
||||||
|
|
||||||
hosts:
|
|
||||||
- host: "sonarr.${SECRET_NEW_DOMAIN}"
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
service:
|
|
||||||
identifier: app
|
|
||||||
port: http
|
|
||||||
|
|
||||||
persistence:
|
|
||||||
config:
|
|
||||||
existingClaim: sonarr
|
|
||||||
globalMounts:
|
|
||||||
- path: /config
|
|
||||||
storage:
|
|
||||||
type: hostPath
|
|
||||||
hostPath: /mnt/MainPool/Media
|
|
||||||
advancedMounts:
|
|
||||||
sonarr: # controller name
|
|
||||||
app: # container name
|
|
||||||
- path: /storage
|
|
|
@ -1,10 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: PersistentVolumeClaim
|
|
||||||
metadata:
|
|
||||||
name: sonarr
|
|
||||||
spec:
|
|
||||||
accessModes: ["ReadWriteOnce"]
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
storage: 15Gi
|
|
||||||
storageClassName: openebs-zfs-mainpool
|
|
|
@ -1,76 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: sonarr-secret
|
|
||||||
namespace: download
|
|
||||||
stringData:
|
|
||||||
SONARR__AUTH__APIKEY: ENC[AES256_GCM,data:PWRlk76a7RYZ03VCvmqmIZO5HhaGvyEXcW2DECI2vGA=,iv:fITW+yradbG6OJ94mmLOtAlpW6yfN574s8cwQ1e9uOI=,tag:oJJ5dG6L4mXrthi+CRWUcA==,type:str]
|
|
||||||
SONARR__POSTGRES__USER: ENC[AES256_GCM,data:LI08bpMG,iv:Qp0NWVtIFWiKgEUrT/BdMzwa7+8fjggKWUBy8Ru4g8M=,tag:gB1Uj/WfTGWStk5nk0mNnA==,type:str]
|
|
||||||
SONARR__POSTGRES__PASSWORD: ENC[AES256_GCM,data:VwG6Sr80tQf2otnE2BhCJi0uQKwgsPrRwJ+3F8uriVw=,iv:sFJYYpcjmQp89NZ4m+RF8AXFN2ICe2xB3vRVZHcmrv8=,tag:cWRNeAN3L07VRI4fwv8A1w==,type:str]
|
|
||||||
INIT_POSTGRES_USER: ENC[AES256_GCM,data:oTucnP6X,iv:jcpa5bpxQqoo976y5SPTy/0wJ1/p711omqzYgbOe6KM=,tag:HoI/9ejCZO0F6wd4SFJMJg==,type:str]
|
|
||||||
INIT_POSTGRES_PASS: ENC[AES256_GCM,data:SQxqWbm9WpozkytSmzrjQYZfkZ3A8sP7wJEL8J/iFjU=,iv:V/XXsoOGhSACVe3ZP18+2oxOCDhwvPcX7ITSBAuBals=,tag:zGPMmZ9161/zlOBPxDYKMQ==,type:str]
|
|
||||||
INIT_POSTGRES_SUPER_PASS: ENC[AES256_GCM,data:2p9pzuEfRhsS9HqR0weJnE8Z2v5jUZXuD21NwBOiDH8=,iv:WISDSdnnuOCIDt6WFapkq5xAr+26stvJcD8Iqj8aS6c=,tag:BgFKami5xIxsCTr/7M/mLQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age: []
|
|
||||||
lastmodified: "2024-10-16T01:05:42Z"
|
|
||||||
mac: ENC[AES256_GCM,data:T0EoAhc+rtPMHQRUcu/PlzwtKXQh4zaYjTvGO+YI6eVWaxHSQbT8J4VmRl4+MdBf5rj8qUlxGEpo0bv9vPLm2IAAQMMVKxDeVwWqFywdzDLJod/WX2BODuun2JTBTF1ELDkMlWKFYV4Y71ZWpyXY1VFBBvM3dL7JNn7oI5X9UZg=,iv:xYgjaAiwKHaEa8tP8OZCT6JiNVRm1Ex509lYjMciD5k=,tag:C3q1lbG+rTVFaFXzQZMONw==,type:str]
|
|
||||||
pgp:
|
|
||||||
- created_at: "2024-10-16T01:05:42Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ/+NRZ2RB5WCLg+k4zKrC0g5XOcMeS3BGXexjrHluCbtvgZ
|
|
||||||
BI+V49yhaJz/KrowfP3d3/mXC3sc4oelcgoLL4th12s2RdFH3OT1OD2JNe9+Krg3
|
|
||||||
M1EgKcZjA/T4Qdq1MBbp5XWw3rxnm5KDoIJ7q6eo/qi+k+hD+4InoV2AWTsROCK3
|
|
||||||
iCHSY7ZMymw0ZXYUdeevzuWCl91osznk1HqQf09NXnYHAJo/yoAsT/enmQjyPQ91
|
|
||||||
VXTp+oRs/rMYyWhQA8dqL1rvzIKO0n0iuc01DiephstUqNs0Sl9uMUSiaa0pHthq
|
|
||||||
TWe7z9LvCRZoUCFyobYtb2V8m/o6Hh2pUPX6E3T7oAs8BQfOeyL9vXlALUGu84Sz
|
|
||||||
3cjAfrfNPgY90thEnpJaC/FbIo0QoW9vbQPk4amd3ZB7FD0LFCEkJB2IIEVPLgUj
|
|
||||||
xIUG7Cj4Sbt0Y56E25bq34R8pxuj/VgzPTAG3ezTRGgpYBmubPRFzic3EEVt9nw7
|
|
||||||
fAgaUW5Xyncxcc6PSx1iB424od1H/tTxHWDeQvOrwNzRqWSlsCUUv/7iyNWhSWTd
|
|
||||||
+hpC9dZaCrKKNotyYmqVmCdINvXTh/M7viVYUCa+n08BOp6FT+VXn/jG9rdtoPIb
|
|
||||||
OQE/OtwkVQordHFDTms/a1t5CaSPAnbVyZHbF+hAWF4ii2ZqPRHNoh8ZiwcYkqOF
|
|
||||||
AgwDAAAAAAAAAAABEACASFOBSDzeOrKNsIGBlrFdcCxBe+0zRAKj08qZVwlQ1NBa
|
|
||||||
+0/QsJKyf6s4PxcCBFbiPyGzhVkMM47Uvpez+Yd7cLoBUCIquPwBF3pI7BUNcIZ6
|
|
||||||
Sn+6pcyIg/PwhyGSvr0vCDNTfgMAZx+pFowpGMJpGGH1N1hvOrSgPniS6h4iusPc
|
|
||||||
dIWQRiyb2HknXD2Kl4VwvYPYmsVbRDafN/w6oJooXO1VJCE8tcRYvAleYkXKU+Yx
|
|
||||||
IWolheFiJHf9psKR9hV1Z0qBAXQrL7FNybh1vkdPx9rfO/ZW5I0k23dYTQLQGeds
|
|
||||||
BsxsDEwuIatiIWqyxjqiOvFVjgMUQrGY+W/1RxAT/rPgVSltyLrNBj5Aftn2HSgA
|
|
||||||
XEqfQsEudkiANxSb9N1dhH6xPurWrpo03BrPPEZxs4PgKSG1gqHrnc3ZfX2CzLJf
|
|
||||||
nC4KANCM+od4CE/n6lQRjTMHxE6YSR4YxoYaPEHAVRyBntOkWmmgJLSm4jDHf/GC
|
|
||||||
Mmm12kjZFwj1saE8ez/dcoKEFgopBSD9423WogwX17Ds9B8GMLrxpqBjEF5WUFv2
|
|
||||||
68QZuNvONgMEP9Y0qJERH5WTFxdtynkHE3Nw0lXbxKUjK/GYfwQ7A2UBOXlpxXCE
|
|
||||||
8oAEPd/gvzy0SdI8UA2De6OG/HU6P7wEcQIxiclEiw8zRMtIlnkrvMgoqf7vu9Ro
|
|
||||||
AQkCEFoSRJpIZnFThNv1WXQmh6ssYzdwzczzWIthociPckS4bglxAm88r/iikUcO
|
|
||||||
iS2RD4EofwECn9fKkaJbfqFLOEpRdMdKnO04SHpgM0u4sxDuG9Y6bPptqQxELHSo
|
|
||||||
S5j9msdiAj8=
|
|
||||||
=A/Lt
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: BD1AAF9D8170F4BEE437365FF6F0933799CFEBCD
|
|
||||||
- created_at: "2024-10-16T01:05:42Z"
|
|
||||||
enc: |-
|
|
||||||
-----BEGIN PGP MESSAGE-----
|
|
||||||
|
|
||||||
hQIMAwAAAAAAAAAAAQ/9GppcaU9jTMDfyzkU35WWqaJ2o9boG5BrYzPNLsoZuNHc
|
|
||||||
czMiMTw/WZM9QITQuMOZaWKBQ8uPjjP+BIzMz7iZmxNs4Mq29TolrRaFBUvcc2Sq
|
|
||||||
xRJyoN4+h0ly2uo0+8Uzp8JQUqPGpWZnmQIQWx6bkT5BBtAGvrHlf5mYsno9P0Lp
|
|
||||||
gRlnuNNiMcN0AV/SJ4NDjBZ9EmhuVTvyCZin4XJr6nvCZqZPBD+0yUvB8qd7QzPK
|
|
||||||
G+6+63b1VruDBA/MAbZLaiDGTDMVE5ax3TLwmBdhxcSaCK0jHJiTUmHaq0mIq+0m
|
|
||||||
QqACid7xymmE9rGPWIpAMh31ANm7zD+cVdu0n+FOsa4aR+WfRB3cfP2ccMj2iCxY
|
|
||||||
YbnfBuu9YyVKA3vB68ol+W5gqfP0+vVsUub/1F1cV97tbybhnvvV+a7Hs41aSdfk
|
|
||||||
9z91OplIanTRuk/5wttH6m8RzIIbZ2QWE04Y53tcrhwFZkPeq62OreD0UndJVl0z
|
|
||||||
tucdkxZlMT/qKMT72+gjdJzkpytJkqbJIR6A9rWW7v+h2Iv42RhmJKJGrcFY1hhe
|
|
||||||
l0y7DTdo3vggiU4OLnLXwvBVObiI8ob4o1nbHZzm0Ok1Gkd2X6Ftl+4N/43xhO/2
|
|
||||||
5mjTtZrlMblzT/tcZcqnfYY2m0DFzu6dVE1uqwJ3+a13m/YYtFjJBLwQsJmuDXLU
|
|
||||||
aAEJAhAKyZtbruxt4b1JANjH+OMa/WgQSJk13aVe1R4YWtJMdI8VEYvPJOY2r18O
|
|
||||||
eNvVjigAn0K78wrm2g6OHEZWKIHyUveMi2DDU+zmzRIx2RsRpmTq8+tCeVXAV7Y4
|
|
||||||
Po01Sb2rKcjV
|
|
||||||
=HGeQ
|
|
||||||
-----END PGP MESSAGE-----
|
|
||||||
fp: 687802D4DFD8AA82EA55666CF7DADAC782D7663D
|
|
||||||
encrypted_regex: ^(data|stringData)$
|
|
||||||
version: 3.9.1
|
|
|
@ -0,0 +1,120 @@
|
||||||
|
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||||
|
kind: HelmRelease
|
||||||
|
metadata:
|
||||||
|
name: sonarr
|
||||||
|
namespace: download
|
||||||
|
spec:
|
||||||
|
interval: 5m
|
||||||
|
chart:
|
||||||
|
spec:
|
||||||
|
chart: app-template
|
||||||
|
version: 1.3.x
|
||||||
|
sourceRef:
|
||||||
|
kind: HelmRepository
|
||||||
|
name: bjws-charts
|
||||||
|
namespace: flux-system
|
||||||
|
|
||||||
|
values:
|
||||||
|
image:
|
||||||
|
repository: ghcr.io/onedr0p/sonarr-develop
|
||||||
|
tag: "4.0.9.2457"
|
||||||
|
|
||||||
|
# Metrics sidecar
|
||||||
|
sidecars:
|
||||||
|
exportarr:
|
||||||
|
image: ghcr.io/onedr0p/exportarr:v2.0.1
|
||||||
|
args:
|
||||||
|
- sonarr
|
||||||
|
ports:
|
||||||
|
- name: metrics
|
||||||
|
containerPort: 9000
|
||||||
|
env:
|
||||||
|
- name: URL
|
||||||
|
value: "http://localhost"
|
||||||
|
- name: CONFIG
|
||||||
|
value: "/config/config.xml"
|
||||||
|
- name: PORT
|
||||||
|
value: 9000
|
||||||
|
- name: ENABLE_ADDITIONAL_METRICS
|
||||||
|
value: "true"
|
||||||
|
- name: ENABLE_UNKNOWN_QUEUE_ITEMS
|
||||||
|
value: "true"
|
||||||
|
volumeMounts:
|
||||||
|
- name: config
|
||||||
|
mountPath: /config
|
||||||
|
readOnly: true
|
||||||
|
|
||||||
|
env:
|
||||||
|
TZ: America/New_York
|
||||||
|
SONARR__AUTHENTICATION_METHOD: "External"
|
||||||
|
|
||||||
|
service:
|
||||||
|
main:
|
||||||
|
labels:
|
||||||
|
app: sonarr-service
|
||||||
|
|
||||||
|
ports:
|
||||||
|
http:
|
||||||
|
port: 8989
|
||||||
|
|
||||||
|
metrics:
|
||||||
|
enabled: true
|
||||||
|
port: 9000
|
||||||
|
protocol: HTTP
|
||||||
|
|
||||||
|
probes:
|
||||||
|
liveness:
|
||||||
|
enabled: true
|
||||||
|
custom: true
|
||||||
|
spec:
|
||||||
|
httpGet:
|
||||||
|
path: /ping
|
||||||
|
port: 8989
|
||||||
|
initialDelaySeconds: 0
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 1
|
||||||
|
failureThreshold: 3
|
||||||
|
startup:
|
||||||
|
enabled: false
|
||||||
|
|
||||||
|
ingress:
|
||||||
|
main:
|
||||||
|
enabled: true
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/cluster-issuer: letsencrypt-production
|
||||||
|
traefik.ingress.kubernetes.io/router.entrypoints: websecure
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
|
||||||
|
hosts:
|
||||||
|
- host: &host "sonarr.${SECRET_NEW_DOMAIN}"
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- *host
|
||||||
|
|
||||||
|
persistence:
|
||||||
|
config:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Kubernetes/sonarr
|
||||||
|
mountPath: /config
|
||||||
|
storage:
|
||||||
|
enabled: true
|
||||||
|
type: hostPath
|
||||||
|
hostPath: /mnt/MainPool/Media
|
||||||
|
mountPath: /storage
|
||||||
|
|
||||||
|
podSecurityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 10000
|
||||||
|
runAsGroup: 10000
|
||||||
|
fsGroup: 10000
|
||||||
|
fsGroupChangePolicy: OnRootMismatch
|
||||||
|
|
||||||
|
resources:
|
||||||
|
requests:
|
||||||
|
cpu: 2m
|
||||||
|
memory: 350Mi
|
||||||
|
limits:
|
||||||
|
memory: 2500Mi
|
|
@ -1,28 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: sonarr
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
targetNamespace: download
|
|
||||||
path: ./kubernetes/main/apps/download/sonarr/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
- name: openebs-sc
|
|
||||||
postBuild:
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ./helm-release.yaml
|
||||||
|
- ./sonarr-exportarr-metrics.yaml
|
|
@ -1,9 +1,8 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ../../common/apps/volsync-system
|
|
||||||
- ./database
|
- ./database
|
||||||
- ./authentik/ks.yaml
|
- ./authentik
|
||||||
- ./media
|
- ./media
|
||||||
- ./download
|
- ./download
|
||||||
- ./management
|
- ./management
|
||||||
|
|
|
@ -19,7 +19,7 @@ metadata:
|
||||||
namespace: monitoring
|
namespace: monitoring
|
||||||
subsets:
|
subsets:
|
||||||
- addresses:
|
- addresses:
|
||||||
- ip: 192.168.10.42
|
- ip: 192.168.10.41
|
||||||
ports:
|
ports:
|
||||||
- name: metrics
|
- name: metrics
|
||||||
port: 9100
|
port: 9100
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
#- ./air-quality.yaml
|
- ./air-quality.yaml
|
||||||
#- ./air-quality-dashboard.yaml
|
- ./air-quality-dashboard.yaml
|
||||||
- ./essential-node-exporter.yaml
|
- ./essential-node-exporter.yaml
|
|
@ -59,21 +59,11 @@ spec:
|
||||||
|
|
||||||
prometheusSpec:
|
prometheusSpec:
|
||||||
enableAdminAPI: false
|
enableAdminAPI: false
|
||||||
|
|
||||||
retention: 1d
|
retention: 1d
|
||||||
|
|
||||||
remoteWrite:
|
remoteWrite:
|
||||||
- url: http://victoria-metrics-server.monitoring.svc:8428/api/v1/write
|
- url: http://victoria-metrics-server.monitoring.svc:8428/api/v1/write
|
||||||
|
|
||||||
# select everything
|
|
||||||
podMonitorSelectorNilUsesHelmValues: false
|
|
||||||
podMonitorSelector: {}
|
|
||||||
serviceMonitorSelectorNilUsesHelmValues: false
|
|
||||||
serviceMonitorSelector: {}
|
|
||||||
ruleSelectorNilUsesHelmValues: false
|
|
||||||
ruleSelector: {}
|
|
||||||
probeSelectorNilUsesHelmValues: false
|
|
||||||
probeSelector: {}
|
|
||||||
scrapeConfigSelectorNilUsesHelmValues: false
|
|
||||||
scrapeConfigSelector: {}
|
|
||||||
|
|
||||||
storageSpec:
|
storageSpec:
|
||||||
volumeClaimTemplate:
|
volumeClaimTemplate:
|
||||||
|
|
|
@ -10,5 +10,5 @@ resources:
|
||||||
- ./victoria-metrics
|
- ./victoria-metrics
|
||||||
- ./varken
|
- ./varken
|
||||||
- ./proxmoxve-exporter
|
- ./proxmoxve-exporter
|
||||||
- ./external-monitors
|
#- ./external-monitors
|
||||||
- ./flux
|
- ./flux
|
|
@ -8,7 +8,7 @@ spec:
|
||||||
chart:
|
chart:
|
||||||
spec:
|
spec:
|
||||||
chart: victoria-metrics-single
|
chart: victoria-metrics-single
|
||||||
version: 0.12.3
|
version: 0.12.2
|
||||||
sourceRef:
|
sourceRef:
|
||||||
kind: HelmRepository
|
kind: HelmRepository
|
||||||
name: victoria-metrics-charts
|
name: victoria-metrics-charts
|
||||||
|
|
|
@ -8,7 +8,7 @@ resources:
|
||||||
- ./traefik/ks.yaml
|
- ./traefik/ks.yaml
|
||||||
# storage
|
# storage
|
||||||
- ./longhorn
|
- ./longhorn
|
||||||
- ./openebs/ks.yaml
|
- ./openebs
|
||||||
|
|
||||||
- ./kube-replicator
|
- ./kube-replicator
|
||||||
|
|
||||||
|
|
|
@ -5,5 +5,4 @@ resources:
|
||||||
- ./helm-repository.yaml
|
- ./helm-repository.yaml
|
||||||
- ./helm-release.yaml
|
- ./helm-release.yaml
|
||||||
- ./alerts.yaml
|
- ./alerts.yaml
|
||||||
- ./service-monitor.yaml
|
- ./service-monitor.yaml
|
||||||
- ./snapshot-class.yaml
|
|
|
@ -1,7 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/snapshot.storage.k8s.io/volumesnapshotclass_v1.json
|
|
||||||
kind: VolumeSnapshotClass
|
|
||||||
apiVersion: snapshot.storage.k8s.io/v1
|
|
||||||
metadata:
|
|
||||||
name: longhorn
|
|
||||||
driver: driver.longhorn.io
|
|
||||||
deletionPolicy: Delete
|
|
|
@ -1,59 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2.json
|
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: openebs
|
|
||||||
namespace: openebs-system
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: openebs
|
|
||||||
version: 4.1.0
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: openebs
|
|
||||||
namespace: flux-system
|
|
||||||
values:
|
|
||||||
openebs-crds:
|
|
||||||
csi:
|
|
||||||
volumeSnapshots:
|
|
||||||
enabled: false
|
|
||||||
keep: false
|
|
||||||
|
|
||||||
zfs-localpv:
|
|
||||||
crds:
|
|
||||||
zfsLocalPv:
|
|
||||||
enabled: true
|
|
||||||
csi:
|
|
||||||
volumeSnapshots:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
# Refer to https://github.com/openebs/dynamic-localpv-provisioner/blob/HEAD/deploy/helm/charts/values.yaml for complete set of values.
|
|
||||||
localpv-provisioner:
|
|
||||||
rbac:
|
|
||||||
create: true
|
|
||||||
|
|
||||||
# Refer to https://github.com/openebs/lvm-localpv/blob/lvm-localpv-1.6.2/deploy/helm/charts/values.yaml for complete set of values.
|
|
||||||
lvm-localpv:
|
|
||||||
crds:
|
|
||||||
lvmLocalPv:
|
|
||||||
enabled: false
|
|
||||||
csi:
|
|
||||||
volumeSnapshots:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
# Refer to https://github.com/openebs/mayastor-extensions/blob/v2.7.0/chart/values.yaml for complete set of values.
|
|
||||||
mayastor:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
engines:
|
|
||||||
local:
|
|
||||||
lvm:
|
|
||||||
enabled: false
|
|
||||||
zfs:
|
|
||||||
enabled: true
|
|
||||||
replicated:
|
|
||||||
mayastor:
|
|
||||||
enabled: false
|
|
||||||
|
|
|
@ -1,17 +0,0 @@
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: openebs
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 1m
|
|
||||||
url: https://openebs.github.io/openebs
|
|
||||||
---
|
|
||||||
apiVersion: source.toolkit.fluxcd.io/v1
|
|
||||||
kind: HelmRepository
|
|
||||||
metadata:
|
|
||||||
name: openebs-monitoring
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
interval: 1m
|
|
||||||
url: https://openebs.github.io/monitoring
|
|
|
@ -1,39 +0,0 @@
|
||||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
||||||
kind: HelmRelease
|
|
||||||
metadata:
|
|
||||||
name: openebs-monitoring
|
|
||||||
namespace: openebs-system
|
|
||||||
spec:
|
|
||||||
interval: 5m
|
|
||||||
chart:
|
|
||||||
spec:
|
|
||||||
chart: openebs-monitoring
|
|
||||||
version: 0.4.13
|
|
||||||
sourceRef:
|
|
||||||
kind: HelmRepository
|
|
||||||
name: openebs-monitoring-charts
|
|
||||||
namespace: flux-system
|
|
||||||
|
|
||||||
values:
|
|
||||||
kube-prometheus-stack:
|
|
||||||
install: false
|
|
||||||
|
|
||||||
openebsMonitoringAddon:
|
|
||||||
# this is the only provisioner enabled
|
|
||||||
localPV:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
cStore:
|
|
||||||
enabled: false
|
|
||||||
jiva:
|
|
||||||
enabled: false
|
|
||||||
ndm:
|
|
||||||
enabled: false
|
|
||||||
npd:
|
|
||||||
enabled: false
|
|
||||||
deviceLocalPV:
|
|
||||||
enabled: false
|
|
||||||
lvmLocalPV:
|
|
||||||
enabled: false
|
|
||||||
zfsLocalPV:
|
|
||||||
enabled: true
|
|
|
@ -1,4 +0,0 @@
|
||||||
apiVersion: v1
|
|
||||||
kind: Namespace
|
|
||||||
metadata:
|
|
||||||
name: openebs-system
|
|
|
@ -1,54 +0,0 @@
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: openebs
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
targetNamespace: openebs-system
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
path: ./kubernetes/main/core/openebs/app
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
postBuild:
|
|
||||||
substitute: {}
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
||||||
---
|
|
||||||
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
|
|
||||||
apiVersion: kustomize.toolkit.fluxcd.io/v1
|
|
||||||
kind: Kustomization
|
|
||||||
metadata:
|
|
||||||
name: openebs-sc
|
|
||||||
namespace: flux-system
|
|
||||||
spec:
|
|
||||||
timeout: 5m
|
|
||||||
interval: 10m
|
|
||||||
path: ./kubernetes/main/core/openebs/storage-class
|
|
||||||
prune: true
|
|
||||||
sourceRef:
|
|
||||||
kind: GitRepository
|
|
||||||
name: home-cluster
|
|
||||||
decryption:
|
|
||||||
provider: sops
|
|
||||||
secretRef:
|
|
||||||
name: sops-gpg
|
|
||||||
dependsOn:
|
|
||||||
- name: openebs
|
|
||||||
postBuild:
|
|
||||||
substitute: {}
|
|
||||||
substituteFrom:
|
|
||||||
- kind: ConfigMap
|
|
||||||
name: cluster-settings
|
|
||||||
- kind: Secret
|
|
||||||
name: cluster-secrets
|
|
|
@ -1,5 +1,5 @@
|
||||||
apiVersion: kustomize.config.k8s.io/v1beta1
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
kind: Kustomization
|
kind: Kustomization
|
||||||
resources:
|
resources:
|
||||||
- ../../../../../common/templates/volsync
|
- ../../../common/apps/openebs
|
||||||
- ./helm-release.yaml
|
- ./mainpool-sc.yaml
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue