Chore/add app template template #378
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
FreekingDean
force-pushed
the
chore/add-app-template-template
branch
from
549dc21 to
dc9d9e9
Compare
no HelmRelease objects found in cluster |
no Kustomization objects found in cluster |
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -7,18 +7,17 @@
app.kubernetes.io/name: glauth
name: glauth
namespace: default
spec:
chart:
spec:
- chart: app-template
+ chart: ./kubernetes/modules/app-template
sourceRef:
- kind: HelmRepository
- name: bjw-s
+ kind: GitRepository
+ name: home-kubernetes
namespace: flux-system
- version: 1.5.1
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -26,69 +25,38 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
+ myvalues:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ ingress:
+ enabled: false
+ persistence:
+ config:
+ items:
+ groups.toml: groups.toml
+ server.toml: server.toml
+ users.toml: users.toml
+ name: glauth-secret
+ type: secret
+ pod:
+ labels:
+ app: glauth
+ version: v1
+ ports:
+ http: 5555
+ ldap: 389
replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
- persistence:
- config:
- enabled: true
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- name: glauth-secret
- type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
+ resources:
+ limits: 50Mi
+ requests: 10Mi
runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 389
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 1m
- path: /metrics
- port: metrics
- scheme: http
- scrapeTimeout: 10s
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ serviceMonitor: true
|
3 similar comments
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -7,18 +7,17 @@
app.kubernetes.io/name: glauth
name: glauth
namespace: default
spec:
chart:
spec:
- chart: app-template
+ chart: ./kubernetes/modules/app-template
sourceRef:
- kind: HelmRepository
- name: bjw-s
+ kind: GitRepository
+ name: home-kubernetes
namespace: flux-system
- version: 1.5.1
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -26,69 +25,38 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
+ myvalues:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ ingress:
+ enabled: false
+ persistence:
+ config:
+ items:
+ groups.toml: groups.toml
+ server.toml: server.toml
+ users.toml: users.toml
+ name: glauth-secret
+ type: secret
+ pod:
+ labels:
+ app: glauth
+ version: v1
+ ports:
+ http: 5555
+ ldap: 389
replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
- persistence:
- config:
- enabled: true
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- name: glauth-secret
- type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
+ resources:
+ limits: 50Mi
+ requests: 10Mi
runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 389
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 1m
- path: /metrics
- port: metrics
- scheme: http
- scrapeTimeout: 10s
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ serviceMonitor: true
|
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -7,18 +7,17 @@
app.kubernetes.io/name: glauth
name: glauth
namespace: default
spec:
chart:
spec:
- chart: app-template
+ chart: ./kubernetes/modules/app-template
sourceRef:
- kind: HelmRepository
- name: bjw-s
+ kind: GitRepository
+ name: home-kubernetes
namespace: flux-system
- version: 1.5.1
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -26,69 +25,38 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
+ myvalues:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ ingress:
+ enabled: false
+ persistence:
+ config:
+ items:
+ groups.toml: groups.toml
+ server.toml: server.toml
+ users.toml: users.toml
+ name: glauth-secret
+ type: secret
+ pod:
+ labels:
+ app: glauth
+ version: v1
+ ports:
+ http: 5555
+ ldap: 389
replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
- persistence:
- config:
- enabled: true
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- name: glauth-secret
- type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
+ resources:
+ limits: 50Mi
+ requests: 10Mi
runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 389
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 1m
- path: /metrics
- port: metrics
- scheme: http
- scrapeTimeout: 10s
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ serviceMonitor: true
|
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -7,18 +7,17 @@
app.kubernetes.io/name: glauth
name: glauth
namespace: default
spec:
chart:
spec:
- chart: app-template
+ chart: ./kubernetes/modules/app-template
sourceRef:
- kind: HelmRepository
- name: bjw-s
+ kind: GitRepository
+ name: home-kubernetes
namespace: flux-system
- version: 1.5.1
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -26,69 +25,38 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
+ myvalues:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ ingress:
+ enabled: false
+ persistence:
+ config:
+ items:
+ groups.toml: groups.toml
+ server.toml: server.toml
+ users.toml: users.toml
+ name: glauth-secret
+ type: secret
+ pod:
+ labels:
+ app: glauth
+ version: v1
+ ports:
+ http: 5555
+ ldap: 389
replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
- persistence:
- config:
- enabled: true
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- name: glauth-secret
- type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
+ resources:
+ limits: 50Mi
+ requests: 10Mi
runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 389
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 1m
- path: /metrics
- port: metrics
- scheme: http
- scrapeTimeout: 10s
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ serviceMonitor: true
|
FreekingDean
force-pushed
the
chore/add-app-template-template
branch
from
9aa039d to
6335b9e
Compare
no Kustomization objects found in cluster |
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -7,18 +7,17 @@
app.kubernetes.io/name: glauth
name: glauth
namespace: default
spec:
chart:
spec:
- chart: app-template
+ chart: ./kubernetes/modules/app-template
sourceRef:
- kind: HelmRepository
- name: bjw-s
+ kind: GitRepository
+ name: home-kubernetes
namespace: flux-system
- version: 1.5.1
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -26,69 +25,38 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
+ myvalues:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ ingress:
+ enabled: false
+ persistence:
+ config:
+ items:
+ groups.toml: groups.toml
+ server.toml: server.toml
+ users.toml: users.toml
+ name: glauth-secret
+ type: secret
+ pod:
+ labels:
+ app: glauth
+ version: v1
+ ports:
+ http: 5555
+ ldap: 389
replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
- persistence:
- config:
- enabled: true
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- name: glauth-secret
- type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
+ resources:
+ limits: 50Mi
+ requests: 10Mi
runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 389
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 1m
- path: /metrics
- port: metrics
- scheme: http
- scrapeTimeout: 10s
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ serviceMonitor: true
|
no HelmRelease objects found in cluster |
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -9,18 +9,17 @@
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: glauth
namespace: default
spec:
chart:
spec:
- chart: app-template
+ chart: ./kubernetes/modules/app-template
sourceRef:
- kind: HelmRepository
- name: bjw-s
+ kind: GitRepository
+ name: home-kubernetes
namespace: flux-system
- version: 1.5.1
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,69 +27,38 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
+ myvalues:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ ingress:
+ enabled: false
+ persistence:
+ config:
+ items:
+ groups.toml: groups.toml
+ server.toml: server.toml
+ users.toml: users.toml
+ name: glauth-secret
+ type: secret
+ pod:
+ labels:
+ app: glauth
+ version: v1
+ ports:
+ http: 5555
+ ldap: 389
replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
- persistence:
- config:
- enabled: true
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- name: glauth-secret
- type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
+ resources:
+ limits: 50Mi
+ requests: 10Mi
runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 389
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 1m
- path: /metrics
- port: metrics
- scheme: http
- scrapeTimeout: 10s
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ serviceMonitor: true
|
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: auth/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: auth/glauth
@@ -9,18 +9,17 @@
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: glauth
namespace: auth
spec:
chart:
spec:
- chart: app-template
+ chart: ./kubernetes/modules/app-template
sourceRef:
- kind: HelmRepository
- name: bjw-s
+ kind: GitRepository
+ name: home-kubernetes
namespace: flux-system
- version: 1.5.1
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,69 +27,38 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
+ myvalues:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ ingress:
+ enabled: false
+ persistence:
+ config:
+ items:
+ groups.toml: groups.toml
+ server.toml: server.toml
+ users.toml: users.toml
+ name: glauth-secret
+ type: secret
+ pod:
+ labels:
+ app: glauth
+ version: v1
+ ports:
+ http: 5555
+ ldap: 389
replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
- persistence:
- config:
- enabled: true
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- name: glauth-secret
- type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
+ resources:
+ limits: 50Mi
+ requests: 10Mi
runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 389
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 1m
- path: /metrics
- port: metrics
- scheme: http
- scrapeTimeout: 10s
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ serviceMonitor: true
|
no HelmRelease objects found in cluster |
no Kustomization objects found in cluster |
--- kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ExternalSecret: default/recyclarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ExternalSecret: default/recyclarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: recyclarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: recyclarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ReplicationSource: default/recyclarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ReplicationSource: default/recyclarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: recyclarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: recyclarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/recyclarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-recyclarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-plex ExternalSecret: default/plex-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-plex ExternalSecret: default/plex-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-plex
- kustomize.toolkit.fluxcd.io/namespace: default
- name: plex-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: plex-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-plex ReplicationSource: default/plex
+++ kubernetes/modules/volsync Kustomization: default/volsync-plex ReplicationSource: default/plex
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-plex
- kustomize.toolkit.fluxcd.io/namespace: default
- name: plex
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: plex-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/plex
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-plex-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ExternalSecret: default/sabnzbd-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ExternalSecret: default/sabnzbd-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sabsnzbd
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sabnzbd-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sabnzbd-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ReplicationSource: default/sabnzbd
+++ kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ReplicationSource: default/sabnzbd
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sabsnzbd
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sabnzbd
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sabnzbd-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sabnzbd
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sabsnzbd-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ExternalSecret: default/sonarr-4k-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ExternalSecret: default/sonarr-4k-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-4k-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sonarr-4k-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ReplicationSource: default/sonarr-4k
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ReplicationSource: default/sonarr-4k
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-4k
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sonarr-4k-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sonarr-4k
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sonarr-4k-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr ExternalSecret: default/radarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr ExternalSecret: default/radarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr ReplicationSource: default/radarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr ReplicationSource: default/radarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ExternalSecret: default/prowlarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ExternalSecret: default/prowlarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-prowlarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: prowlarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: prowlarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ReplicationSource: default/prowlarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ReplicationSource: default/prowlarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-prowlarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: prowlarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: prowlarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/prowlarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-prowlarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr ExternalSecret: default/sonarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr ExternalSecret: default/sonarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sonarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr ReplicationSource: default/sonarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr ReplicationSource: default/sonarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sonarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sonarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sonarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ExternalSecret: default/radarr-4k-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ExternalSecret: default/radarr-4k-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-4k-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-4k-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ReplicationSource: default/radarr-4k
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ReplicationSource: default/radarr-4k
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-4k
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-4k-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr-4k
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-4k-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: auth/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: auth/glauth
@@ -9,18 +9,17 @@
kustomize.toolkit.fluxcd.io/namespace: flux-system
name: glauth
namespace: auth
spec:
chart:
spec:
- chart: app-template
+ chart: ./kubernetes/modules/app-template
sourceRef:
- kind: HelmRepository
- name: bjw-s
+ kind: GitRepository
+ name: home-kubernetes
namespace: flux-system
- version: 1.5.1
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,69 +27,38 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
+ myvalues:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ ingress:
+ enabled: false
+ persistence:
+ config:
+ items:
+ groups.toml: groups.toml
+ server.toml: server.toml
+ users.toml: users.toml
+ name: glauth-secret
+ type: secret
+ pod:
+ labels:
+ app: glauth
+ version: v1
+ ports:
+ http: 5555
+ ldap: 389
replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
- persistence:
- config:
- enabled: true
- items:
- - key: server.toml
- path: server.toml
- - key: groups.toml
- path: groups.toml
- - key: users.toml
- path: users.toml
- name: glauth-secret
- type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
+ resources:
+ limits: 50Mi
+ requests: 10Mi
runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
- service:
- main:
- ports:
- http:
- port: 5555
- ldap:
- enabled: true
- port: 389
- serviceMonitor:
- main:
- enabled: true
- endpoints:
- - interval: 1m
- path: /metrics
- port: metrics
- scheme: http
- scrapeTimeout: 10s
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ serviceMonitor: true
--- kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ExternalSecret: home-assistant/home-assistant-rclone
+++ kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ExternalSecret: home-assistant/home-assistant-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-home-assistant
- kustomize.toolkit.fluxcd.io/namespace: home-assistant
- name: home-assistant-rclone
- namespace: home-assistant
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: home-assistant-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ReplicationSource: home-assistant/home-assistant
+++ kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ReplicationSource: home-assistant/home-assistant
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-home-assistant
- kustomize.toolkit.fluxcd.io/namespace: home-assistant
- name: home-assistant
- namespace: home-assistant
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: home-assistant-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/home-assistant
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-home-assistant-0
- trigger:
- schedule: 0 0 * * *
- |
no Kustomization objects found in cluster |
no HelmRelease objects found in cluster |
--- kubernetes/modules/volsync Kustomization: default/volsync-overseer ExternalSecret: default/overseerr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-overseer ExternalSecret: default/overseerr-rclone
@@ -0,0 +1,31 @@
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: volsync-overseer
+ kustomize.toolkit.fluxcd.io/namespace: default
+ name: overseerr-rclone
+ namespace: default
+spec:
+ data:
+ - remoteRef:
+ key: restic_gcp_creds
+ secretKey: gcp_creds
+ secretStoreRef:
+ kind: ClusterSecretStore
+ name: onepassword-connect
+ target:
+ creationPolicy: Owner
+ name: overseerr-rclone-secret
+ template:
+ data:
+ gcpcreds.json: '{{ .gcp_creds }}'
+ rclone.conf: |
+ [gcp]
+ type = google cloud storage
+ project_number = "${GOOGLE_PROJECT_ID}"
+ service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
+ bucket_policy_only = true
+ engineVersion: v2
+
--- kubernetes/modules/volsync Kustomization: default/volsync-overseer ReplicationSource: default/overseerr
+++ kubernetes/modules/volsync Kustomization: default/volsync-overseer ReplicationSource: default/overseerr
@@ -0,0 +1,21 @@
+---
+apiVersion: volsync.backube/v1alpha1
+kind: ReplicationSource
+metadata:
+ labels:
+ kustomize.toolkit.fluxcd.io/name: volsync-overseer
+ kustomize.toolkit.fluxcd.io/namespace: default
+ name: overseerr
+ namespace: default
+spec:
+ rclone:
+ copyMethod: Snapshot
+ rcloneConfig: overseerr-rclone-secret
+ rcloneConfigSection: gcp
+ rcloneDestPath: ${REPOSITORY_TEMPLATE}/overseerr
+ storageClassName: ceph-rbd
+ volumeSnapshotClassName: csi-ceph-rbd
+ sourcePVC: config-overseerr-0
+ trigger:
+ schedule: 0 0 * * *
+
--- kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ExternalSecret: default/sabnzbd-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ExternalSecret: default/sabnzbd-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sabsnzbd
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sabnzbd-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sabnzbd-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ReplicationSource: default/sabnzbd
+++ kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ReplicationSource: default/sabnzbd
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sabsnzbd
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sabnzbd
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sabnzbd-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sabnzbd
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sabsnzbd-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-plex ExternalSecret: default/plex-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-plex ExternalSecret: default/plex-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-plex
- kustomize.toolkit.fluxcd.io/namespace: default
- name: plex-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: plex-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-plex ReplicationSource: default/plex
+++ kubernetes/modules/volsync Kustomization: default/volsync-plex ReplicationSource: default/plex
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-plex
- kustomize.toolkit.fluxcd.io/namespace: default
- name: plex
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: plex-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/plex
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-plex-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ExternalSecret: default/radarr-4k-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ExternalSecret: default/radarr-4k-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-4k-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-4k-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ReplicationSource: default/radarr-4k
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ReplicationSource: default/radarr-4k
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-4k
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-4k-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr-4k
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-4k-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr ExternalSecret: default/sonarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr ExternalSecret: default/sonarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sonarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr ReplicationSource: default/sonarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr ReplicationSource: default/sonarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sonarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sonarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sonarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ExternalSecret: default/sonarr-4k-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ExternalSecret: default/sonarr-4k-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-4k-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sonarr-4k-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ReplicationSource: default/sonarr-4k
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ReplicationSource: default/sonarr-4k
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-4k
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sonarr-4k-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sonarr-4k
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sonarr-4k-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ExternalSecret: default/prowlarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ExternalSecret: default/prowlarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-prowlarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: prowlarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: prowlarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ReplicationSource: default/prowlarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ReplicationSource: default/prowlarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-prowlarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: prowlarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: prowlarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/prowlarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-prowlarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr ExternalSecret: default/radarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr ExternalSecret: default/radarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr ReplicationSource: default/radarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr ReplicationSource: default/radarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-unused ExternalSecret: default/radarr-unused-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-unused ExternalSecret: default/radarr-unused-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-unused
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-unused-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-unused-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-unused ReplicationSource: default/radarr-unused
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-unused ReplicationSource: default/radarr-unused
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-unused
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-unused
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-unused-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr-unused
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-unused-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ExternalSecret: default/recyclarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ExternalSecret: default/recyclarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: recyclarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: recyclarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ReplicationSource: default/recyclarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ReplicationSource: default/recyclarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: recyclarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: recyclarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/recyclarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-recyclarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -14,13 +14,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 1.5.1
+ version: 2.4.0
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,57 +28,54 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
- replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
+ controllers:
+ containers:
+ main:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ main:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ replicas: 2
+ strategy: RollingUpdate
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 1000
+ runAsUser: 1000
+ defaultPodOptions:
+ labels:
+ app: glauth
+ version: v1
persistence:
config:
enabled: true
items:
- key: server.toml
path: server.toml
- key: groups.toml
path: groups.toml
- key: users.toml
path: users.toml
name: glauth-secret
type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
- runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
service:
main:
ports:
http:
port: 5555
ldap:
- enabled: true
port: 389
serviceMonitor:
main:
enabled: true
endpoints:
- interval: 1m
--- kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ExternalSecret: home-assistant/home-assistant-rclone
+++ kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ExternalSecret: home-assistant/home-assistant-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-home-assistant
- kustomize.toolkit.fluxcd.io/namespace: home-assistant
- name: home-assistant-rclone
- namespace: home-assistant
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: home-assistant-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ReplicationSource: home-assistant/home-assistant
+++ kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ReplicationSource: home-assistant/home-assistant
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-home-assistant
- kustomize.toolkit.fluxcd.io/namespace: home-assistant
- name: home-assistant
- namespace: home-assistant
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: home-assistant-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/home-assistant
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-home-assistant-0
- trigger:
- schedule: 0 0 * * *
- |
--- kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ExternalSecret: default/prowlarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ExternalSecret: default/prowlarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-prowlarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: prowlarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: prowlarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ReplicationSource: default/prowlarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ReplicationSource: default/prowlarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-prowlarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: prowlarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: prowlarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/prowlarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-prowlarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr ExternalSecret: default/radarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr ExternalSecret: default/radarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr ReplicationSource: default/radarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr ReplicationSource: default/radarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr ExternalSecret: default/sonarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr ExternalSecret: default/sonarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sonarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr ReplicationSource: default/sonarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr ReplicationSource: default/sonarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sonarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sonarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sonarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ExternalSecret: default/recyclarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ExternalSecret: default/recyclarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: recyclarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: recyclarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ReplicationSource: default/recyclarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ReplicationSource: default/recyclarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: recyclarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: recyclarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/recyclarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-recyclarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ExternalSecret: default/sabnzbd-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ExternalSecret: default/sabnzbd-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sabsnzbd
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sabnzbd-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sabnzbd-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ReplicationSource: default/sabnzbd
+++ kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ReplicationSource: default/sabnzbd
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sabsnzbd
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sabnzbd
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sabnzbd-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sabnzbd
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sabsnzbd-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: auth/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: auth/glauth
@@ -14,13 +14,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 1.5.1
+ version: 2.4.0
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,57 +28,54 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
- replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
+ controllers:
+ containers:
+ main:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ main:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ replicas: 2
+ strategy: RollingUpdate
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 1000
+ runAsUser: 1000
+ defaultPodOptions:
+ labels:
+ app: glauth
+ version: v1
persistence:
config:
enabled: true
items:
- key: server.toml
path: server.toml
- key: groups.toml
path: groups.toml
- key: users.toml
path: users.toml
name: glauth-secret
type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
- runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
service:
main:
ports:
http:
port: 5555
ldap:
- enabled: true
port: 389
serviceMonitor:
main:
enabled: true
endpoints:
- interval: 1m
--- kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ExternalSecret: home-assistant/home-assistant-rclone
+++ kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ExternalSecret: home-assistant/home-assistant-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-home-assistant
- kustomize.toolkit.fluxcd.io/namespace: home-assistant
- name: home-assistant-rclone
- namespace: home-assistant
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: home-assistant-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ReplicationSource: home-assistant/home-assistant
+++ kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ReplicationSource: home-assistant/home-assistant
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-home-assistant
- kustomize.toolkit.fluxcd.io/namespace: home-assistant
- name: home-assistant
- namespace: home-assistant
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: home-assistant-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/home-assistant
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-home-assistant-0
- trigger:
- schedule: 0 0 * * *
- |
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -14,13 +14,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 1.5.1
+ version: 2.4.0
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,57 +28,54 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
- replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
+ controllers:
+ containers:
+ main:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ main:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ replicas: 2
+ strategy: RollingUpdate
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 1000
+ runAsUser: 1000
+ defaultPodOptions:
+ labels:
+ app: glauth
+ version: v1
persistence:
config:
enabled: true
items:
- key: server.toml
path: server.toml
- key: groups.toml
path: groups.toml
- key: users.toml
path: users.toml
name: glauth-secret
type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
- runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
service:
main:
ports:
http:
port: 5555
ldap:
- enabled: true
port: 389
serviceMonitor:
main:
enabled: true
endpoints:
- interval: 1m |
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -14,13 +14,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 1.5.1
+ version: 2.4.0
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,57 +28,54 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
- replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
+ controllers:
+ main:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ containers:
+ main:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ replicas: 2
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 1000
+ runAsUser: 1000
+ strategy: RollingUpdate
+ defaultPodOptions:
+ labels:
+ app: glauth
+ version: v1
persistence:
config:
enabled: true
items:
- key: server.toml
path: server.toml
- key: groups.toml
path: groups.toml
- key: users.toml
path: users.toml
name: glauth-secret
type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
- runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
service:
main:
ports:
http:
port: 5555
ldap:
- enabled: true
port: 389
serviceMonitor:
main:
enabled: true
endpoints:
- interval: 1m |
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -14,13 +14,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 1.5.1
+ version: 2.4.0
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,57 +28,54 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
- replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
+ controllers:
+ main:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ containers:
+ main:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ replicas: 2
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 1000
+ runAsUser: 1000
+ strategy: RollingUpdate
+ defaultPodOptions:
+ labels:
+ app: glauth
+ version: v1
persistence:
config:
enabled: true
items:
- key: server.toml
path: server.toml
- key: groups.toml
path: groups.toml
- key: users.toml
path: users.toml
name: glauth-secret
type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
- runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
service:
main:
ports:
http:
port: 5555
ldap:
- enabled: true
port: 389
serviceMonitor:
main:
enabled: true
endpoints:
- interval: 1m
--- kubernetes/apps/default/overseerr/app Kustomization: flux-system/cluster-apps-overseerr Kustomization: default/volsync-overseer
+++ kubernetes/apps/default/overseerr/app Kustomization: flux-system/cluster-apps-overseerr Kustomization: default/volsync-overseer
@@ -1,32 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- app.kubernetes.io/instance: overseerr
- app.kubernetes.io/name: overseerr
- kustomize.toolkit.fluxcd.io/name: cluster-apps-overseerr
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: volsync-overseer
- namespace: default
-spec:
- dependsOn:
- - name: cluster-apps-volsync
- namespace: flux-system
- interval: 30m
- path: ./kubernetes/modules/volsync
- postBuild:
- substitute:
- GOOGLE_PROJECT_ID: ${GOOGLE_PROJECT_ID}
- NAME: overseerr
- NAMESPACE: default
- PVC: config-overseerr-0
- REPOSITORY_TEMPLATE: ${REPOSITORY_TEMPLATE}
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- namespace: flux-system
- timeout: 3m
-
--- kubernetes/apps/default/recyclarr/app Kustomization: flux-system/cluster-apps-recyclarr Kustomization: default/volsync-recyclarr
+++ kubernetes/apps/default/recyclarr/app Kustomization: flux-system/cluster-apps-recyclarr Kustomization: default/volsync-recyclarr
@@ -1,32 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- app.kubernetes.io/instance: recyclarr
- app.kubernetes.io/name: recyclarr
- kustomize.toolkit.fluxcd.io/name: cluster-apps-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: volsync-recyclarr
- namespace: default
-spec:
- dependsOn:
- - name: cluster-apps-volsync
- namespace: flux-system
- interval: 30m
- path: ./kubernetes/modules/volsync
- postBuild:
- substitute:
- GOOGLE_PROJECT_ID: ${GOOGLE_PROJECT_ID}
- NAME: recyclarr
- NAMESPACE: default
- PVC: config-recyclarr-0
- REPOSITORY_TEMPLATE: ${REPOSITORY_TEMPLATE}
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- namespace: flux-system
- timeout: 3m
- |
--- kubernetes HelmRelease: default/glauth Service: default/glauth
+++ kubernetes HelmRelease: default/glauth Service: default/glauth
@@ -1,25 +1,26 @@
---
apiVersion: v1
kind: Service
metadata:
name: glauth
labels:
- app.kubernetes.io/service: glauth
app.kubernetes.io/instance: glauth
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: glauth
+ app.kubernetes.io/service: glauth
spec:
type: ClusterIP
ports:
- port: 5555
- targetPort: http
+ targetPort: 5555
protocol: TCP
name: http
- port: 389
- targetPort: ldap
+ targetPort: 389
protocol: TCP
name: ldap
selector:
+ app.kubernetes.io/component: main
app.kubernetes.io/instance: glauth
app.kubernetes.io/name: glauth
--- kubernetes HelmRelease: default/glauth Deployment: default/glauth
+++ kubernetes HelmRelease: default/glauth Deployment: default/glauth
@@ -1,68 +1,58 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: glauth
labels:
+ app.kubernetes.io/component: main
app.kubernetes.io/instance: glauth
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: glauth
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 2
strategy:
type: RollingUpdate
selector:
matchLabels:
+ app.kubernetes.io/component: main
app.kubernetes.io/name: glauth
app.kubernetes.io/instance: glauth
template:
metadata:
labels:
+ app: glauth
+ app.kubernetes.io/component: main
+ app.kubernetes.io/instance: glauth
app.kubernetes.io/name: glauth
- app.kubernetes.io/instance: glauth
- app: glauth
version: v1
spec:
+ enableServiceLinks: true
serviceAccountName: default
automountServiceAccountToken: true
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
- runAsUser: 1000
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
dnsPolicy: ClusterFirst
- enableServiceLinks: true
containers:
- - name: glauth
- image: ghcr.io/onedr0p/glauth:v2.2.0-rc1
- imagePullPolicy: null
- command:
+ - command:
- /app/glauth
- -c
- /config
- ports:
- - name: http
- containerPort: 5555
- protocol: TCP
- - name: ldap
- containerPort: 389
- protocol: TCP
- volumeMounts:
- - name: config
- mountPath: /config
+ image: ghcr.io/onedr0p/glauth:v2.2.0-rc1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
tcpSocket:
port: 5555
timeoutSeconds: 1
+ name: main
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
tcpSocket:
port: 5555
@@ -71,31 +61,21 @@
failureThreshold: 30
initialDelaySeconds: 0
periodSeconds: 5
tcpSocket:
port: 5555
timeoutSeconds: 1
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
+ volumeMounts:
+ - mountPath: /config
+ name: config
volumes:
- name: config
secret:
- secretName: glauth-secret
items:
- key: server.toml
path: server.toml
- key: groups.toml
path: groups.toml
- key: users.toml
path: users.toml
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ secretName: glauth-secret
|
--- kubernetes HelmRelease: default/glauth Service: default/glauth
+++ kubernetes HelmRelease: default/glauth Service: default/glauth
@@ -1,25 +1,26 @@
---
apiVersion: v1
kind: Service
metadata:
name: glauth
labels:
- app.kubernetes.io/service: glauth
app.kubernetes.io/instance: glauth
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: glauth
+ app.kubernetes.io/service: glauth
spec:
type: ClusterIP
ports:
- port: 5555
- targetPort: http
+ targetPort: 5555
protocol: TCP
name: http
- port: 389
- targetPort: ldap
+ targetPort: 389
protocol: TCP
name: ldap
selector:
+ app.kubernetes.io/component: main
app.kubernetes.io/instance: glauth
app.kubernetes.io/name: glauth
--- kubernetes HelmRelease: default/glauth Deployment: default/glauth
+++ kubernetes HelmRelease: default/glauth Deployment: default/glauth
@@ -1,101 +1,86 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: glauth
labels:
+ app.kubernetes.io/component: main
app.kubernetes.io/instance: glauth
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: glauth
annotations:
reloader.stakater.com/auto: 'true'
spec:
revisionHistoryLimit: 3
replicas: 2
strategy:
type: RollingUpdate
selector:
matchLabels:
+ app.kubernetes.io/component: main
app.kubernetes.io/name: glauth
app.kubernetes.io/instance: glauth
template:
metadata:
labels:
+ app: glauth
+ app.kubernetes.io/component: main
+ app.kubernetes.io/instance: glauth
app.kubernetes.io/name: glauth
- app.kubernetes.io/instance: glauth
- app: glauth
version: v1
spec:
+ enableServiceLinks: true
serviceAccountName: default
automountServiceAccountToken: true
- securityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
- runAsUser: 1000
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
dnsPolicy: ClusterFirst
- enableServiceLinks: true
containers:
- - name: glauth
- image: ghcr.io/onedr0p/glauth:v2.2.0-rc1
- imagePullPolicy: null
- command:
+ - command:
- /app/glauth
- -c
- /config
- ports:
- - name: http
- containerPort: 5555
- protocol: TCP
- - name: ldap
- containerPort: 389
- protocol: TCP
- volumeMounts:
- - name: config
- mountPath: /config
+ image: ghcr.io/onedr0p/glauth:v2.2.0-rc1
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
tcpSocket:
port: 5555
timeoutSeconds: 1
+ name: main
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 0
periodSeconds: 10
tcpSocket:
port: 5555
timeoutSeconds: 1
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 1000
+ runAsUser: 1000
startupProbe:
failureThreshold: 30
initialDelaySeconds: 0
periodSeconds: 5
tcpSocket:
port: 5555
timeoutSeconds: 1
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
+ volumeMounts:
+ - mountPath: /config
+ name: config
volumes:
- name: config
secret:
- secretName: glauth-secret
items:
- key: server.toml
path: server.toml
- key: groups.toml
path: groups.toml
- key: users.toml
path: users.toml
- topologySpreadConstraints:
- - labelSelector:
- matchLabels:
- app.kubernetes.io/name: glauth
- maxSkew: 1
- topologyKey: kubernetes.io/hostname
- whenUnsatisfiable: DoNotSchedule
+ secretName: glauth-secret
|
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ExternalSecret: default/radarr-4k-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ExternalSecret: default/radarr-4k-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-4k-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-4k-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ReplicationSource: default/radarr-4k
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-4k ReplicationSource: default/radarr-4k
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-4k
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-4k-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr-4k
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-4k-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr-unsued ExternalSecret: default/sonarr-unused-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr-unsued ExternalSecret: default/sonarr-unused-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr-unsued
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-unused-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sonarr-unused-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr-unsued ReplicationSource: default/sonarr-unused
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr-unsued ReplicationSource: default/sonarr-unused
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr-unsued
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-unused
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sonarr-unused-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sonarr-unused
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sonarr-unused-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ExternalSecret: default/recyclarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ExternalSecret: default/recyclarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: recyclarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: recyclarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ReplicationSource: default/recyclarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-recyclarr ReplicationSource: default/recyclarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: recyclarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: recyclarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/recyclarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-recyclarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-unused ExternalSecret: default/radarr-unused-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-unused ExternalSecret: default/radarr-unused-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-unused
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-unused-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-unused-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr-unused ReplicationSource: default/radarr-unused
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr-unused ReplicationSource: default/radarr-unused
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr-unused
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-unused
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-unused-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr-unused
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-unused-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ExternalSecret: default/sabnzbd-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ExternalSecret: default/sabnzbd-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sabsnzbd
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sabnzbd-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sabnzbd-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ReplicationSource: default/sabnzbd
+++ kubernetes/modules/volsync Kustomization: default/volsync-sabsnzbd ReplicationSource: default/sabnzbd
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sabsnzbd
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sabnzbd
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sabnzbd-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sabnzbd
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sabsnzbd-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ExternalSecret: default/prowlarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ExternalSecret: default/prowlarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-prowlarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: prowlarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: prowlarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ReplicationSource: default/prowlarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-prowlarr ReplicationSource: default/prowlarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-prowlarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: prowlarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: prowlarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/prowlarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-prowlarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr ExternalSecret: default/radarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr ExternalSecret: default/radarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: radarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-radarr ReplicationSource: default/radarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-radarr ReplicationSource: default/radarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-radarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: radarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: radarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/radarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-radarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr ExternalSecret: default/sonarr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr ExternalSecret: default/sonarr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sonarr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr ReplicationSource: default/sonarr
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr ReplicationSource: default/sonarr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sonarr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sonarr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sonarr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-overseer ExternalSecret: default/overseerr-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-overseer ExternalSecret: default/overseerr-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-overseer
- kustomize.toolkit.fluxcd.io/namespace: default
- name: overseerr-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: overseerr-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-overseer ReplicationSource: default/overseerr
+++ kubernetes/modules/volsync Kustomization: default/volsync-overseer ReplicationSource: default/overseerr
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-overseer
- kustomize.toolkit.fluxcd.io/namespace: default
- name: overseerr
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: overseerr-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/overseerr
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-overseerr-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ExternalSecret: default/sonarr-4k-rclone
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ExternalSecret: default/sonarr-4k-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-4k-rclone
- namespace: default
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: sonarr-4k-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ReplicationSource: default/sonarr-4k
+++ kubernetes/modules/volsync Kustomization: default/volsync-sonarr-4k ReplicationSource: default/sonarr-4k
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-sonarr-4k
- kustomize.toolkit.fluxcd.io/namespace: default
- name: sonarr-4k
- namespace: default
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: sonarr-4k-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/sonarr-4k
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-sonarr-4k-0
- trigger:
- schedule: 0 0 * * *
-
--- kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
+++ kubernetes/apps/auth/glauth/app Kustomization: flux-system/cluster-apps-glauth HelmRelease: default/glauth
@@ -14,13 +14,13 @@
spec:
chart: app-template
sourceRef:
kind: HelmRepository
name: bjw-s
namespace: flux-system
- version: 1.5.1
+ version: 2.4.0
install:
createNamespace: true
remediation:
retries: 3
interval: 15m
maxHistory: 3
@@ -28,57 +28,54 @@
keepHistory: false
upgrade:
cleanupOnFail: true
remediation:
retries: 3
values:
- command:
- - /app/glauth
- - -c
- - /config
- controller:
- annotations:
- reloader.stakater.com/auto: 'true'
- replicas: 2
- strategy: RollingUpdate
- image:
- repository: ghcr.io/onedr0p/glauth
- tag: v2.2.0-rc1
+ controllers:
+ main:
+ annotations:
+ reloader.stakater.com/auto: 'true'
+ containers:
+ main:
+ command:
+ - /app/glauth
+ - -c
+ - /config
+ image:
+ repository: ghcr.io/onedr0p/glauth
+ tag: v2.2.0-rc1
+ securityContext:
+ fsGroup: 1000
+ fsGroupChangePolicy: OnRootMismatch
+ runAsGroup: 1000
+ runAsUser: 1000
+ replicas: 2
+ strategy: RollingUpdate
+ defaultPodOptions:
+ labels:
+ app: glauth
+ version: v1
persistence:
config:
enabled: true
items:
- key: server.toml
path: server.toml
- key: groups.toml
path: groups.toml
- key: users.toml
path: users.toml
name: glauth-secret
type: secret
- podLabels:
- app: glauth
- version: v1
- podSecurityContext:
- fsGroup: 1000
- fsGroupChangePolicy: OnRootMismatch
- runAsGroup: 1000
- runAsUser: 1000
- resources:
- limits:
- memory: 50Mi
- requests:
- cpu: 5m
- memory: 10Mi
service:
main:
ports:
http:
port: 5555
ldap:
- enabled: true
port: 389
serviceMonitor:
main:
enabled: true
endpoints:
- interval: 1m
--- kubernetes/apps/default/overseerr/app Kustomization: flux-system/cluster-apps-overseerr Kustomization: default/volsync-overseer
+++ kubernetes/apps/default/overseerr/app Kustomization: flux-system/cluster-apps-overseerr Kustomization: default/volsync-overseer
@@ -1,32 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- app.kubernetes.io/instance: overseerr
- app.kubernetes.io/name: overseerr
- kustomize.toolkit.fluxcd.io/name: cluster-apps-overseerr
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: volsync-overseer
- namespace: default
-spec:
- dependsOn:
- - name: cluster-apps-volsync
- namespace: flux-system
- interval: 30m
- path: ./kubernetes/modules/volsync
- postBuild:
- substitute:
- GOOGLE_PROJECT_ID: ${GOOGLE_PROJECT_ID}
- NAME: overseerr
- NAMESPACE: default
- PVC: config-overseerr-0
- REPOSITORY_TEMPLATE: ${REPOSITORY_TEMPLATE}
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- namespace: flux-system
- timeout: 3m
-
--- kubernetes/apps/default/recyclarr/app Kustomization: flux-system/cluster-apps-recyclarr Kustomization: default/volsync-recyclarr
+++ kubernetes/apps/default/recyclarr/app Kustomization: flux-system/cluster-apps-recyclarr Kustomization: default/volsync-recyclarr
@@ -1,32 +0,0 @@
----
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- labels:
- app.kubernetes.io/instance: recyclarr
- app.kubernetes.io/name: recyclarr
- kustomize.toolkit.fluxcd.io/name: cluster-apps-recyclarr
- kustomize.toolkit.fluxcd.io/namespace: flux-system
- name: volsync-recyclarr
- namespace: default
-spec:
- dependsOn:
- - name: cluster-apps-volsync
- namespace: flux-system
- interval: 30m
- path: ./kubernetes/modules/volsync
- postBuild:
- substitute:
- GOOGLE_PROJECT_ID: ${GOOGLE_PROJECT_ID}
- NAME: recyclarr
- NAMESPACE: default
- PVC: config-recyclarr-0
- REPOSITORY_TEMPLATE: ${REPOSITORY_TEMPLATE}
- prune: true
- retryInterval: 1m
- sourceRef:
- kind: GitRepository
- name: home-kubernetes
- namespace: flux-system
- timeout: 3m
-
--- kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ExternalSecret: home-assistant/home-assistant-rclone
+++ kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ExternalSecret: home-assistant/home-assistant-rclone
@@ -1,31 +0,0 @@
----
-apiVersion: external-secrets.io/v1beta1
-kind: ExternalSecret
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-home-assistant
- kustomize.toolkit.fluxcd.io/namespace: home-assistant
- name: home-assistant-rclone
- namespace: home-assistant
-spec:
- data:
- - remoteRef:
- key: restic_gcp_creds
- secretKey: gcp_creds
- secretStoreRef:
- kind: ClusterSecretStore
- name: onepassword-connect
- target:
- creationPolicy: Owner
- name: home-assistant-rclone-secret
- template:
- data:
- gcpcreds.json: '{{ .gcp_creds }}'
- rclone.conf: |
- [gcp]
- type = google cloud storage
- project_number = "${GOOGLE_PROJECT_ID}"
- service_account_file = ${RCLONE_CONFIG_DIR}/gcpcreds.json
- bucket_policy_only = true
- engineVersion: v2
-
--- kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ReplicationSource: home-assistant/home-assistant
+++ kubernetes/modules/volsync Kustomization: home-assistant/volsync-home-assistant ReplicationSource: home-assistant/home-assistant
@@ -1,21 +0,0 @@
----
-apiVersion: volsync.backube/v1alpha1
-kind: ReplicationSource
-metadata:
- labels:
- kustomize.toolkit.fluxcd.io/name: volsync-home-assistant
- kustomize.toolkit.fluxcd.io/namespace: home-assistant
- name: home-assistant
- namespace: home-assistant
-spec:
- rclone:
- copyMethod: Snapshot
- rcloneConfig: home-assistant-rclone-secret
- rcloneConfigSection: gcp
- rcloneDestPath: ${REPOSITORY_TEMPLATE}/home-assistant
- storageClassName: ceph-rbd
- volumeSnapshotClassName: csi-ceph-rbd
- sourcePVC: config-home-assistant-0
- trigger:
- schedule: 0 0 * * *
- |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a templated app-template for all my app templates.