grant/fog
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: grant:60b99e2130d43810157af6c86a250e9e7be1a632
Branches Tags
grant:main
..
compare: grant:cdfb9c7505d9dda5d06deb3e0e0375d2c85aaeaf
Branches Tags
grant:main

No commits in common. "60b99e2130d43810157af6c86a250e9e7be1a632" and "cdfb9c7505d9dda5d06deb3e0e0375d2c85aaeaf" have entirely different histories.
60b99e2130 ... cdfb9c7505

19 changed files with 8 additions and 331 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -13,5 +13,3 @@ talos/secrets.yaml
kgnot/config.production.json
53ll/config.production.json
*.key
*.pub

0
gitea/ssh_ingress.yaml
View File

59
gitea/values.yaml
View File

@ -1,59 +0,0 @@
gitea:
config:
server:
ROOT_URL: https://git.incngrnt.ca/
MINIMUM_KEY_SIZE_CHECK: false
service:
DISABLE_REGISTRATION: true
database:
DB_TYPE: postgres
indexer:
ISSUE_INDEXER_TYPE: bleve
REPO_INDEXER_ENABLED: true
cron:
enabled: true
repository:
DISABLE_DOWNLOAD_SOURCE_ARCHIVES: true
additionalConfigFromEnvs:
- name: GITEA__DATABASE__HOST
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: host
- name: GITEA__DATABASE__NAME
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: dbname
- name: GITEA__DATABASE__USER
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: user
- name: GITEA__DATABASE__PASSWD
valueFrom:
secretKeyRef:
name: postgres-pguser-gitea
key: password
strategy:
type: Recreate
ingress:
enabled: true
hosts:
- host: git.incngrnt.ca
paths:
- path: "/"
pathType: Prefix
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
redis:
enabled: true
redis-cluster:
enabled: false
postgresql:
enabled: false
postgresql-ha:
enabled: false

23
grafana/alloy_values.yaml
View File

@ -1,23 +0,0 @@
alloy:
configMap:
content: |-
logging {
level = "info"
format = "logfmt"
}
discovery.kubernetes "pods" {
role = "pod"
}
loki.source.kubernetes "pods" {
targets = discovery.kubernetes.pods.targets
forward_to = [loki.write.loki.receiver]
}
loki.write "loki" {
endpoint {
url = "http://loki.grafana.svc.cluster.local:3100/loki/api/v1/push"
}
}

9
grafana/grafana_values.yaml
View File

@ -1,9 +0,0 @@
ingress:
enabled: true
hosts:
- watcher.incngrnt.ca
annotations:
"traefik.ingress.kubernetes.io/router.tls.certresolver": "letsencrypt"
persistence:
enabled: true

70
grafana/loki_values.yaml
View File

@ -1,70 +0,0 @@
loki:
commonConfig:
replication_factor: 1
schemaConfig:
configs:
- from: "2024-04-01"
store: tsdb
object_store: s3
schema: v13
index:
prefix: loki_index_
period: 24h
pattern_ingester:
enabled: true
limits_config:
allow_structured_metadata: true
volume_enabled: true
ruler:
enable_api: true
auth_enabled: false
resultsCache:
resources:
request:
cpu: 100ms
memory: 500Mi
limits:
memory: 500Mi
chunksCache:
resources:
request:
cpu: 100ms
memory: 500Mi
limits:
memory: 500Mi
minio:
enabled: true
deploymentMode: SingleBinary
singleBinary:
replicas: 1
# Zero out replica counts of other deployment modes
backend:
replicas: 0
read:
replicas: 0
write:
replicas: 0
ingester:
replicas: 0
querier:
replicas: 0
queryFrontend:
replicas: 0
queryScheduler:
replicas: 0
distributor:
replicas: 0
compactor:
replicas: 0
indexGateway:
replicas: 0
bloomCompactor:
replicas: 0
bloomGateway:
replicas: 0

3
grafana/prometheus_values.yaml
View File

@ -1,3 +0,0 @@
rometheus-node-exporter:
rbac:
pspEnabled: true

20
helmfile.lock
View File

@ -1,26 +1,17 @@
version: 0.170.1
dependencies:
- name: alloy
repository: https://grafana.github.io/helm-charts
version: 0.12.5
- name: ghost
repository: https://charts.bitnami.com/bitnami
version: 22.2.0
version: 22.1.19
- name: ghost
repository: https://charts.bitnami.com/bitnami
version: 22.2.0
version: 22.1.19
- name: gitea
repository: https://dl.gitea.io/charts
version: 11.0.0
- name: grafana
repository: https://grafana.github.io/helm-charts
version: 8.10.3
- name: k8up
repository: https://k8up-io.github.io/k8up
version: 4.8.4
- name: loki
repository: https://grafana.github.io/helm-charts
version: 6.28.0
- name: mariadb
repository: https://charts.bitnami.com/bitnami
version: 20.4.1
@ -33,9 +24,6 @@ dependencies:
- name: postgrescluster
repository: git+https://github.com/grantdhunter/postgres-operator@helm?ref=main
version: 5.7.2
- name: prometheus
repository: https://prometheus-community.github.io/helm-charts
version: 27.5.1
- name: rook-ceph
repository: https://charts.rook.io/release
version: v1.16.5
@ -48,5 +36,5 @@ dependencies:
- name: traefik
repository: https://traefik.github.io/charts
version: 34.4.1
digest: sha256:b28767f0ec4d8549e0b1de7446f3468555a2a67bf88d2b554e9a12c2de723d2d
generated: "2025-03-15T14:34:49.001292746-06:00"
digest: sha256:14c9bc504c5060f8bbce5ec9a8df737a19a7216428a31c1cb34ef5c6648e45c5
generated: "2025-03-12T21:27:22.529913117-06:00"

50
helmfile.yaml
View File

@ -19,10 +19,6 @@ repositories:
url: https://pkgs.tailscale.com/helmcharts
- name: gitea
url: https://dl.gitea.io/charts
- name: grafana
url: https://grafana.github.io/helm-charts
- name: prometheus-community
url: https://prometheus-community.github.io/helm-charts
releases:
# networking
- name: metallb
@ -56,8 +52,6 @@ releases:
namespace: rook-ceph
createNamespace: true
chart: rook-release/rook-ceph
values:
- ./rook-ceph/values.yaml
- name: rook-ceph-cluster
namespace: rook-ceph
createNamespace: true
@ -89,36 +83,6 @@ releases:
setString:
- name: auth.rootPassword
value: {{ requiredEnv "MARIADB_ROOT_PASSWORD" }}
# monitoring
- name: grafana
namespace: grafana
createNamespace: true
chart: grafana/grafana
values:
- grafana/grafana_values.yaml
setString:
- name: adminPassword
value: VYHEKk0Q9KfqQ3UpTx8oc4InrXlUQivUuEeGU8LJ
- name: prometheus
namespace: grafana
createNamespace: true
chart: prometheus-community/prometheus
values:
- grafana/prometheus_values.yaml
- name: loki
namespace: grafana
createNamespace: true
chart: grafana/loki
values:
- grafana/loki_values.yaml
- name: alloy
namespace: grafana
createNamespace: true
chart: grafana/alloy
values:
- grafana/alloy_values.yaml
# goatchat matrix
- name: goatchat
namespace: goatchat
@ -208,17 +172,3 @@ releases:
- name: repoPassword
value: {{ requiredEnv "k8UP_REPO_PASSWORD" }}
- name: gitea-backup
namespace: gitea
chart: ./k8up-backup
createNamespace: true
values:
- ./k8up-backup/values_override.yaml
setString:
- name: credentials.id
value: {{ requiredEnv "HETZNER_S3_ACCESS_KEY" }}
- name: credentials.key
value: {{ requiredEnv "HETZNER_S3_ACCESS_SECRET" }}
- name: repoPassword
value: {{ requiredEnv "k8UP_REPO_PASSWORD" }}

15
justfile
View File

@ -1,15 +0,0 @@
update:
bws run 'helmfile deps'
deploy:
bws run 'helmfile apply'
sdiff:
bws run 'helmfile diff --output simple'
ddiff:
bws run 'helmfile diff --output dyff'
cleanuppods:
kubectl get pods --no-headers | grep -v Running | awk '{print $1}' | xargs kubectl delete pod

6
k8up-backup/Chart.yaml
View File

@ -1,6 +0,0 @@
apiVersion: v2
name: k8up-backup
description: A Helm chart for a k8up backup
type: application
version: 0.0.3

20
k8up-backup/templates/backup.yaml
View File

@ -1,20 +0,0 @@
apiVersion: k8up.io/v1
kind: Backup
metadata:
name: {{ .Release.Name }}
spec:
failedJobsHistoryLimit: 2
successfulJobsHistoryLimit: 2
backend:
repoPasswordSecretRef:
name: "{{ .Release.Name }}-repopassword"
key: password
s3:
endpoint: "{{ .Values.endpoint }}"
bucket: "{{ .Values.bucket }}"
accessKeyIDSecretRef:
name: "{{ .Release.Name }}-credentials"
key: id
secretAccessKeySecretRef:
name: "{{ .Release.Name }}-credentials"
key: key

14
k8up-backup/templates/secrets.yaml
View File

@ -1,14 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: "{{ .Release.Name }}-credentials"
data:
id: "{{ .Values.credentials.id | b64enc}}"
key: "{{ .Values.credentials.key | b64enc}}"
---
apiVersion: v1
kind: Secret
metadata:
name: "{{ .Release.Name }}-repopassword"
data:
password: "{{ .Values.repoPassword | b64enc}}"

7
k8up-backup/values.yaml
View File

@ -1,7 +0,0 @@
# endpoint:
# bucket
# repoPassword:
# credentials:
# id:
# key:

3
k8up-backup/values_override.yaml
View File

@ -1,3 +0,0 @@
endpoint: hel1.your-objectstorage.com
bucket: fog

0
k8up/values.yaml
View File

8
rook-ceph-cluster/values.yaml
View File

@ -9,19 +9,19 @@ cephClusterSpec:
resources:
mgr:
requests:
cpu: 100m
cpu: 150m
memory: 256Mi
limits:
cpu: "1"
mon:
requests:
cpu: 100m
cpu: 150m
memory: 256Mi
limits:
cpu: "1"
osd:
requests:
cpu: 100m
cpu: 150m
memory: 256Mi
limits:
cpu: "1"
@ -43,7 +43,7 @@ cephFileSystems:
activeStandby: true
resources:
requests:
cpu: 100m
cpu: 250m
memory: 256Mi
limit:
cpu: "1"

4
rook-ceph/values.yaml
View File

@ -1,4 +0,0 @@
resources:
requests:
cpu: 100m
memory: 128Mi

26
traefik/values.yaml
View File

@ -7,9 +7,6 @@ deployment:
- name: data
mountPath: /data
updateStrategy:
type: Recreate
env:
- name: HETZNER_API_KEY
valueFrom:
@ -23,16 +20,6 @@ additionalArguments:
persistence:
enabled: true
logs:
format: json
access:
enabled: true
format: json
service:
spec:
externalTrafficPolicy: Local
ingressRoute:
dashboard:
enabled: true
@ -43,11 +30,6 @@ ingressRoute:
tls:
certResolver: letsencrypt
ports:
websecure:
middlewares:
- traefik-rate-limit@kubernetescrd
extraObjects:
- apiVersion: v1
kind: Secret
@ -65,14 +47,6 @@ extraObjects:
spec:
basicAuth:
secret: traefik-dashboard-auth-secret
- apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: rate-limit
spec:
rateLimit:
average: 50
burst: 100
certificatesResolvers:
letsencrypt: