
1 commit

44 changed files with 126 additions and 631 deletions

Binary file not shown.


@ -13,7 +13,7 @@ resources:
images:
- name: argocd
newName: code.icb4dc0.de/infrastructure/images/argocd
newTag: v2.12.0
newTag: v2.11.2
labels:
- includeSelectors: true
@ -26,7 +26,7 @@ helmCharts:
repo: https://argoproj.github.io/argo-helm
releaseName: argo-cd
namespace: argo-system
version: "7.4.1"
version: "7.1.1"
valuesFile: config/values.argo-cd.yaml
apiVersions:
- monitoring.coreos.com/v1


@ -9,8 +9,6 @@ metadata:
app.kubernetes.io/part-of: argo-cd
spec:
replicas: 2
nodeSelector:
kubernetes.io/arch: arm64
resources:
requests:
cpu: 50m


@ -12,7 +12,7 @@ resources:
helmCharts:
- name: cert-manager
repo: https://charts.jetstack.io
version: "v1.15.2"
version: "v1.14.5"
releaseName: cert-manager
namespace: kube-system
valuesFile: config/values.cert-manager.yaml

1
cnpg/.gitattributes vendored

@ -1 +0,0 @@
**/secrets/*.y*ml filter=age diff=age merge=age -text


@ -1,7 +0,0 @@
replicaCount: 2
monitoring:
podMonitorEnabled: true
grafanaDashboard:
create: true
namespace: observability-system


@ -1,3 +0,0 @@
replicaCount: 2
existingSecret: ext-postgres-operator


@ -1,23 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- resources/secrets/ext-pgo-creds.yaml
- resources/secrets/ext-pgo-admin.yaml
- resources/secrets/cnpg-backup-creds.yaml
- resources/cluster.yaml
helmCharts:
- releaseName: cnpg
name: cloudnative-pg
repo: https://cloudnative-pg.github.io/charts
version: 0.21.6
valuesFile: config/values.cnpg.yaml
namespace: postgres-system
- releaseName: ext-pgo
name: ext-postgres-operator
repo: https://movetokube.github.io/postgres-operator/
version: 1.2.6
valuesFile: config/values.ext-pgo.yaml
namespace: postgres


@ -1,48 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: app-cluster
namespace: postgres
spec:
instances: 2
managed:
roles:
- name: ext_pgo_admin
ensure: present
superuser: true
createrole: true
createdb: true
storage:
size: 10Gi
storageClass: hcloud-volumes
backup:
barmanObjectStore:
destinationPath: cnpg
s3Credentials:
accessKeyId:
name: cnpg-backup-creds
key: ACCESS_KEY_ID
secretAccessKey:
name: cnpg-backup-creds
key: ACCESS_SECRET_KEY
retentionPolicy: "30d"
resources:
requests:
cpu: 100m
memory: 400Mi
limits:
cpu: 500m
memory: 800Mi
affinity:
enablePodAntiAffinity: true
topologyKey: kubernetes.io/hostname
podAntiAffinityType: preferred
enablePDB: true
monitoring:
enablePodMonitor: true


@ -1,8 +0,0 @@
age-encryption.org/v1
-> X25519 SQkKLcgCsGBZ6FM800HldDftkLV/u53xliCGnGU6Gz0
TvQkvxIdoIydgUshJXYai2pJjo/GsEklyGfba/zj31Y
-> X25519 V60zpoLahYcT/dGVnixvv471qCE8xAOP+LoAdq04ryM
q7iTcIfP6xgpJaQZJuW0kpY9dEwbwsleyyorsFK4atA
--- W40yHxyT9ZMPvnQ0WYg7K1sG0qd4loHmyW6HYZL5zBM
#Wøü5+D`éHUŠdNSÆ<53>f.vC]uÎö•ù"¼ègÙÝüfp:¬<C2AC>ϬNB”æ<E2809D>vúõè¢ O%3cÖòQü9m (ÓEäùØK µ×4ÞÌùgÜžo&€vztëPÞˆþñ2 ºª <02>æð>&Z{Î'<27>§QôÉj<C389>Ä:ƒ¡øÜˆ‡ ƒæ"Céœk¤£ÚÄ)Þ‰V1åÎÏV]
¥å·õñÄ'°s¨w±~ÊoEƒûæ•F¾hÍS }'&[ÞlÍÝÖUM×îÃ=ÿwŽ


@ -13,6 +13,6 @@ helmCharts:
repo: https://helm.coder.com/v2
releaseName: coder
namespace: coder
version: "2.13.3"
version: "2.11.2"
valuesFile: config/values.coder.yml
skipTests: true


@ -6,7 +6,7 @@ namespace: projectcontour
images:
- name: contour
newName: ghcr.io/projectcontour/contour
newTag: v1.30.0
newTag: v1.29.0
resources:
- crds/contour.yaml


@ -9,7 +9,7 @@ images:
newTag: v0.16.0
- name: dragonfly-operator
newName: docker.dragonflydb.io/dragonflydb/operator
newTag: v1.1.6
newTag: v1.1.2
resources:


@ -1,3 +1,4 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
@ -34,24 +35,6 @@ spec:
spec:
description: DragonflySpec defines the desired state of Dragonfly
properties:
aclFromSecret:
description: (Optional) Acl file Secret to pass to the container
properties:
key:
description: The key of the secret to select from. Must be a
valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?'
type: string
optional:
description: Specify whether the Secret or its key must be defined
type: boolean
required:
- key
type: object
x-kubernetes-map-type: atomic
affinity:
description: (Optional) Dragonfly pod affinity
properties:
@ -1048,23 +1031,6 @@ spec:
image:
description: Image is the Dragonfly image to use
type: string
labels:
additionalProperties:
type: string
description: (Optional) Labels to add to the Dragonfly pods.
type: object
memcachedPort:
description: (Optional) Dragonfly memcached port
format: int32
type: integer
nodeSelector:
additionalProperties:
type: string
description: (Optional) Dragonfly pod node selector
type: object
priorityClassName:
description: (Optional) Dragonfly pod priority class name
type: string
replicas:
description: Replicas is the total number of Dragonfly instances including
the master
@ -1129,23 +1095,10 @@ spec:
type: string
description: (Optional) Dragonfly Service Annotations
type: object
labels:
additionalProperties:
type: string
description: (Optional) Dragonfly Service Labels
type: object
name:
description: (Optional) Dragonfly Service name
type: string
type:
description: (Optional) Dragonfly Service type
type: string
type: object
skipFSGroup:
description: (Optional) Skip Assigning FileSystem Group. Required
for platforms such as Openshift that require IDs to not be set,
as it injects a fixed randomized ID per namespace into all pods.
type: boolean
snapshot:
description: (Optional) Dragonfly Snapshot configuration
properties:
@ -1421,174 +1374,6 @@ spec:
type: string
type: object
type: array
topologySpreadConstraints:
description: (Optional) Dragonfly pod topologySpreadConstraints
items:
description: TopologySpreadConstraint specifies how to spread matching
pods among the given topology.
properties:
labelSelector:
description: LabelSelector is used to find matching pods. Pods
that match this label selector are counted to determine the
number of pods in their corresponding topology domain.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values array
must be non-empty. If the operator is Exists or
DoesNotExist, the values array must be empty. This
array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is
"key", the operator is "In", and the values array contains
only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
matchLabelKeys:
description: MatchLabelKeys is a set of pod label keys to select
the pods over which spreading will be calculated. The keys
are used to lookup values from the incoming pod labels, those
key-value labels are ANDed with labelSelector to select the
group of existing pods over which spreading will be calculated
for the incoming pod. Keys that don't exist in the incoming
pod labels will be ignored. A null or empty list means only
match against labelSelector.
items:
type: string
type: array
x-kubernetes-list-type: atomic
maxSkew:
description: 'MaxSkew describes the degree to which pods may
be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`,
it is the maximum permitted difference between the number
of matching pods in the target topology and the global minimum.
The global minimum is the minimum number of matching pods
in an eligible domain or zero if the number of eligible domains
is less than MinDomains. For example, in a 3-zone cluster,
MaxSkew is set to 1, and pods with the same labelSelector
spread as 2/2/1: In this case, the global minimum is 1. |
zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew
is 1, incoming pod can only be scheduled to zone3 to become
2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1)
on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming
pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`,
it is used to give higher precedence to topologies that satisfy
it. It''s a required field. Default value is 1 and 0 is not
allowed.'
format: int32
type: integer
minDomains:
description: "MinDomains indicates a minimum number of eligible
domains. When the number of eligible domains with matching
topology keys is less than minDomains, Pod Topology Spread
treats \"global minimum\" as 0, and then the calculation of
Skew is performed. And when the number of eligible domains
with matching topology keys equals or greater than minDomains,
this value has no effect on scheduling. As a result, when
the number of eligible domains is less than minDomains, scheduler
won't schedule more than maxSkew Pods to those domains. If
value is nil, the constraint behaves as if MinDomains is equal
to 1. Valid values are integers greater than 0. When value
is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For
example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains
is set to 5 and pods with the same labelSelector spread as
2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P |
The number of domains is less than 5(MinDomains), so \"global
minimum\" is treated as 0. In this situation, new pod with
the same labelSelector cannot be scheduled, because computed
skew will be 3(3 - 0) if new Pod is scheduled to any of the
three zones, it will violate MaxSkew. \n This is a beta field
and requires the MinDomainsInPodTopologySpread feature gate
to be enabled (enabled by default)."
format: int32
type: integer
nodeAffinityPolicy:
description: "NodeAffinityPolicy indicates how we will treat
Pod's nodeAffinity/nodeSelector when calculating pod topology
spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector
are included in the calculations. - Ignore: nodeAffinity/nodeSelector
are ignored. All nodes are included in the calculations. \n
If this value is nil, the behavior is equivalent to the Honor
policy. This is a beta-level feature default enabled by the
NodeInclusionPolicyInPodTopologySpread feature flag."
type: string
nodeTaintsPolicy:
description: "NodeTaintsPolicy indicates how we will treat node
taints when calculating pod topology spread skew. Options
are: - Honor: nodes without taints, along with tainted nodes
for which the incoming pod has a toleration, are included.
- Ignore: node taints are ignored. All nodes are included.
\n If this value is nil, the behavior is equivalent to the
Ignore policy. This is a beta-level feature default enabled
by the NodeInclusionPolicyInPodTopologySpread feature flag."
type: string
topologyKey:
description: TopologyKey is the key of node labels. Nodes that
have a label with this key and identical values are considered
to be in the same topology. We consider each <key, value>
as a "bucket", and try to put balanced number of pods into
each bucket. We define a domain as a particular instance of
a topology. Also, we define an eligible domain as a domain
whose nodes meet the requirements of nodeAffinityPolicy and
nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname",
each Node is a domain of that topology. And, if TopologyKey
is "topology.kubernetes.io/zone", each zone is a domain of
that topology. It's a required field.
type: string
whenUnsatisfiable:
description: 'WhenUnsatisfiable indicates how to deal with a
pod if it doesn''t satisfy the spread constraint. - DoNotSchedule
(default) tells the scheduler not to schedule it. - ScheduleAnyway
tells the scheduler to schedule the pod in any location, but
giving higher precedence to topologies that would help reduce
the skew. A constraint is considered "Unsatisfiable" for an
incoming pod if and only if every possible node assignment
for that pod would violate "MaxSkew" on some topology. For
example, in a 3-zone cluster, MaxSkew is set to 1, and pods
with the same labelSelector spread as 3/1/1: | zone1 | zone2
| zone3 | | P P P | P | P | If WhenUnsatisfiable is
set to DoNotSchedule, incoming pod can only be scheduled to
zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on
zone2(zone3) satisfies MaxSkew(1). In other words, the cluster
can still be imbalanced, but scheduler won''t make it *more*
imbalanced. It''s a required field.'
type: string
required:
- maxSkew
- topologyKey
- whenUnsatisfiable
type: object
type: array
type: object
status:
description: DragonflyStatus defines the observed state of Dragonfly
@ -1609,4 +1394,4 @@ spec:
served: true
storage: true
subresources:
status: {}
status: {}

Binary file not shown.


@ -7,13 +7,13 @@ namePrefix: ente-
images:
- name: museum
newName: ghcr.io/ente-io/server
newTag: cdbf8c5f0971cb383df03c6b2f72ffb85387beef
newTag: 26e17d8464736acc747c1b35c65af194172a245c
- name: photos
newName: code.icb4dc0.de/infrastructure/images/ente/photos
newTag: v0.9.16
newTag: photos-v0.8.94
- name: cast
newName: code.icb4dc0.de/infrastructure/images/ente/cast
newTag: v0.9.16
newTag: photos-v0.8.94
labels:
- includeSelectors: true
@ -39,4 +39,4 @@ configMapGenerator:
secretGenerator:
- name: museum-credentials
files:
- config/credentials.yaml
- config/credentials.yaml


@ -1,4 +1,3 @@
# yaml-language-server: $scheme=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.30.2-standalone-strict/deployment-apps-v1.json
apiVersion: apps/v1
kind: Deployment
metadata:
@ -34,10 +33,5 @@ spec:
ports:
- name: http
containerPort: 3000
readinessProbe:
httpGet:
port: 3000
path: /
scheme: HTTP
nodeSelector:
kubernetes.io/arch: arm64
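Review bot: With the `readinessProbe` block gone from this container (the hunk header counts, 10 lines down to 5, indicate the five probe lines are the ones removed), the pod is reported Ready as soon as the container starts, so the Service can send requests before port 3000 answers. The next Deployment section drops the same five lines, and the garage container further down loses both `readinessProbe` and `livenessProbe` on port 3903, which also removes the automatic restart of a hung process. Unless the older images cannot answer these endpoints, keep `readinessProbe:` with `httpGet:` / `port: 3000` / `path: /` here, and the `/health` probes on the garage container. The container spec begins above this hunk, so other health checks may exist outside the visible lines.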


@ -1,4 +1,3 @@
# yaml-language-server: $scheme=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.30.2-standalone-strict/deployment-apps-v1.json
apiVersion: apps/v1
kind: Deployment
metadata:
@ -34,10 +33,5 @@ spec:
ports:
- name: http
containerPort: 3000
readinessProbe:
httpGet:
port: 3000
path: /
scheme: HTTP
nodeSelector:
kubernetes.io/arch: arm64


@ -12,10 +12,10 @@ labels:
images:
- name: act_runner
newName: code.forgejo.org/forgejo/runner
newTag: "3.5.0"
newTag: "3.4.1"
- name: dind
newName: docker
newTag: 27.1.1-dind
newTag: 26.1.3-dind
resources:
- resources/secrets/admin-credentials.yaml
@ -46,7 +46,7 @@ helmCharts:
repo: oci://codeberg.org/forgejo-contrib
releaseName: forgejo
namespace: forgejo
version: "8.1.0"
version: "7.0.0"
valuesFile: config/values.forgejo.yaml
skipTests: true
apiVersions:
@ -55,6 +55,6 @@ helmCharts:
repo: https://meilisearch.github.io/meilisearch-kubernetes
releaseName: forgejo-indexer
namespace: forgejo
version: "0.8.0"
version: "0.7.0"
valuesFile: config/values.meilisearch.yaml
skipTests: true


@ -9,8 +9,6 @@ metadata:
app.kubernetes.io/part-of: forgejo
spec:
replicas: 2
nodeSelector:
kubernetes.io/arch: arm64
resources:
requests:
cpu: 100m


@ -6,7 +6,7 @@ namespace: garage
images:
- name: rclone
newName: rclone/rclone
newTag: "1.67"
newTag: "1.66"
resources:
- resources/cronjob.yaml


@ -48,16 +48,8 @@ spec:
cpu: 300m
memory: 280Mi
limits:
cpu: 750m
cpu: 300m
memory: 500Mi
readinessProbe:
httpGet:
port: 3903
path: /health
livenessProbe:
httpGet:
port: 3903
path: /health
securityContext:
capabilities:
drop:


@ -12,12 +12,12 @@ helmCharts:
repo: https://charts.hetzner.cloud
releaseName: hccm
namespace: kube-system
version: "1.20.0"
version: "1.19.0"
valuesFile: config/values.ccm.yaml
- name: hcloud-csi
repo: https://charts.hetzner.cloud
releaseName: hcloud-csi-driver
namespace: kube-system
version: "2.8.0"
version: "2.6.0"
valuesFile: config/values.csi.yaml


@ -13,8 +13,6 @@ defaultRules:
prometheus:
prometheusSpec:
retention: 7d
nodeSelector:
kubernetes.io/arch: arm64
serviceMonitorNamespaceSelector:
matchLabels:
prometheus: default
@ -35,11 +33,11 @@ prometheus:
prometheus: default
resources:
requests:
memory: 1500Mi
memory: 3Gi
cpu: 500m
limits:
memory: 2200Mi
cpu: 800m
memory: 4Gi
cpu: 800m
storageSpec:
volumeClaimTemplate:
spec:
@ -56,7 +54,7 @@ kubeEtcd:
kubeControllerManager:
enabled: true
endpoints: ["172.23.2.10"]
endpoints: ['172.23.2.10']
service:
enabled: true
port: 10257
@ -67,7 +65,7 @@ kubeControllerManager:
kubeScheduler:
enabled: false
endpoints: ["172.23.2.10"]
endpoints: ['172.23.2.10']
service:
enabled: true
port: 10259
@ -78,7 +76,7 @@ kubeScheduler:
kubeProxy:
enabled: false
endpoints: ["172.23.2.10"]
endpoints: ['172.23.2.10']
service:
enabled: true
port: 10249
@ -104,16 +102,16 @@ grafana:
auth:
disable_login_form: true
auth.generic_oauth:
name: Forgejo
icon: signin
enabled: "true"
client_id: "${GF_OAUTH_CLIENT_ID}"
client_secret: "${GF_OAUTH_CLIENT_SECRET}"
empty_scopes: true
auth_url: https://code.icb4dc0.de/login/oauth/authorize
token_url: https://code.icb4dc0.de/login/oauth/access_token
api_url: https://code.icb4dc0.de/login/oauth/userinfo
skip_org_role_sync: true
name: Forgejo
icon: signin
enabled: "true"
client_id: "${GF_OAUTH_CLIENT_ID}"
client_secret: "${GF_OAUTH_CLIENT_SECRET}"
empty_scopes: true
auth_url: https://code.icb4dc0.de/login/oauth/authorize
token_url: https://code.icb4dc0.de/login/oauth/access_token
api_url: https://code.icb4dc0.de/login/oauth/userinfo
skip_org_role_sync: true
persistence:
enabled: false
storageClassName: hcloud-volumes
@ -130,4 +128,4 @@ kube-state-metrics:
prometheus:
monitor:
additionalLabels:
prometheus: default
prometheus: default


@ -15,5 +15,5 @@ helmCharts:
includeCRDs: true
namespace: observability-system
releaseName: prometheus
version: "61.7.1"
version: "59.1.0"
valuesFile: config/values.prometheus.yaml


@ -11,7 +11,7 @@ labels:
images:
- name: linkwarden
newName: ghcr.io/linkwarden/linkwarden
newTag: "v2.6.2"
newTag: "v2.5.3"
resources:
- "resources/namespace.yaml"


@ -11,7 +11,7 @@ helmCharts:
releaseName: mariadb-operator
repo: https://mariadb-operator.github.io/mariadb-operator
namespace: mariadb-system
version: "0.29.0"
version: "0.28.1"
valuesFile: config/mariadb-operator.values.yaml
includeCRDs: true
skipTests: true


@ -21,7 +21,7 @@ helmCharts:
repo: https://nextcloud.github.io/helm/
releaseName: nextcloud
namespace: nextcloud
version: "5.5.2"
version: "4.6.10"
valuesFile: config/values.nextcloud.yaml
skipTests: true


@ -6,7 +6,7 @@ namespace: nocodb
images:
- name: nocodb
newName: docker.io/nocodb/nocodb
newTag: 0.251.3
newTag: 0.207.3
labels:
- includeSelectors: true


@ -1,4 +1,3 @@
# yaml-language-server: $scheme=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.30.2-standalone-strict/deployment-apps-v1.json
---
apiVersion: apps/v1
kind: Deployment
@ -17,53 +16,55 @@ spec:
app.kubernetes.io/name: nocodb
spec:
containers:
- name: nocodb
image: nocodb
envFrom:
- secretRef:
name: nocodb-config
ports:
- containerPort: 8080
protocol: TCP
name: web
volumeMounts:
- name: nocodb-metadata
mountPath: /usr/app/data
- name: tmp
mountPath: /tmp
livenessProbe:
httpGet:
path: /api/v1/health
port: web
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /api/v1/health
port: web
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
resources:
requests:
memory: "168Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
- name: nocodb
image: nocodb
envFrom:
- secretRef:
name: nocodb-config
ports:
- containerPort: 8080
protocol: TCP
name: web
volumeMounts:
- mountPath: /usr/app/data
name: nocodb-metadata
- mountPath: /usr/src/app/
name: app-volume
- mountPath: /tmp
name: app-tmp
livenessProbe:
httpGet:
path: /api/v1/health
port: web
scheme: HTTP
initialDelaySeconds: 10
timeoutSeconds: 3
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /api/v1/health
port: web
scheme: HTTP
initialDelaySeconds: 5
timeoutSeconds: 3
periodSeconds: 5
successThreshold: 1
failureThreshold: 3
resources:
requests:
memory: "168Mi"
cpu: "50m"
limits:
memory: "256Mi"
cpu: "500m"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
@ -78,11 +79,14 @@ spec:
- name: nocodb-metadata
persistentVolumeClaim:
claimName: nocodb-metadata
- name: tmp
- name: app-volume
emptyDir:
sizeLimit: 50Mi
sizeLimit: 1500Mi
- name: app-tmp
emptyDir:
sizeLimit: 500Mi
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
runAsNonRoot: true
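Review bot: The new `app-volume` emptyDir mounted at `/usr/src/app/` gives the process a writable directory of up to `1500Mi` while the container still declares `readOnlyRootFilesystem: true`. If the image keeps its application files under that path (the image contents are not visible here), the read-only-root hardening no longer covers the code the process runs from. An emptyDir also starts empty and shadows whatever the image ships at the mount point. If only a scratch area is needed, mount the volume on the specific subdirectory that is written to, for example `- mountPath: /usr/src/app/<writable-subdir>` (placeholder), and size `sizeLimit` to the actual need. The pod spec begins above the first hunk, so only the visible part of the container definition was reviewed.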


@ -9,8 +9,6 @@ metadata:
app.kubernetes.io/part-of: nocodb
spec:
replicas: 2
nodeSelector:
kubernetes.io/arch: arm64
resources:
requests:
cpu: 100m


@ -6,13 +6,13 @@ labels:
pairs:
app.kubernetes.io/name: pgo
# The version below should match the version on the PostgresCluster CRD
app.kubernetes.io/version: 5.6.0
app.kubernetes.io/version: 5.5.0
postgres-operator.crunchydata.com/control-plane: postgres-operator
images:
- name: postgres-operator
newName: registry.developers.crunchydata.com/crunchydata/postgres-operator
newTag: ubi8-5.6.0-0
newTag: ubi8-5.5.0-0
resources:
- resources/namespace.yaml


@ -2,11 +2,11 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
labels:
app.kubernetes.io/name: pgo
app.kubernetes.io/version: 5.6.0
app.kubernetes.io/version: 5.5.0
name: pgadmins.postgres-operator.crunchydata.com
spec:
group: postgres-operator.crunchydata.com
@ -20,7 +20,7 @@ spec:
- name: v1beta1
schema:
openAPIV3Schema:
description: PGAdmin is the Schema for the PGAdmin API
description: PGAdmin is the Schema for the pgadmins API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@ -860,24 +860,6 @@ spec:
to any of these values will be loaded without validation. Be careful,
as you may put pgAdmin into an unusable state.
properties:
configDatabaseURI:
description: 'A Secret containing the value for the CONFIG_DATABASE_URI
setting. More info: https://www.pgadmin.org/docs/pgadmin4/latest/external_database.html'
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
type: object
files:
description: Files allows the user to mount projected volumes
into the pgAdmin container so that files can be referenced by
@ -1100,10 +1082,6 @@ spec:
type: object
type: object
type: array
gunicorn:
description: 'Settings for the gunicorn server. More info: https://docs.gunicorn.org/en/latest/settings.html'
type: object
x-kubernetes-preserve-unknown-fields: true
ldapBindPassword:
description: 'A Secret containing the value for the LDAP_BIND_PASSWORD
setting. More info: https://www.pgadmin.org/docs/pgadmin4/latest/ldap.html'
@ -1369,10 +1347,6 @@ spec:
unique in the pgAdmin's ServerGroups since it becomes the
ServerGroup name in pgAdmin.
type: string
postgresClusterName:
description: PostgresClusterName selects one cluster to add
to pgAdmin by name.
type: string
postgresClusterSelector:
description: PostgresClusterSelector selects clusters to dynamically
add to pgAdmin by matching labels. An empty selector like
@ -1421,18 +1395,9 @@ spec:
type: object
required:
- name
- postgresClusterSelector
type: object
x-kubernetes-validations:
- message: exactly one of "postgresClusterName" or "postgresClusterSelector"
is required
rule: '[has(self.postgresClusterName),has(self.postgresClusterSelector)].exists_one(x,x)'
type: array
serviceName:
description: ServiceName will be used as the name of a ClusterIP service
pointing to the pgAdmin pod and port. If the service already exists,
PGO will update the service. For more information about services
reference the Kubernetes and CrunchyData documentation. https://kubernetes.io/docs/concepts/services-networking/service/
type: string
tolerations:
description: 'Tolerations of the PGAdmin pod. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration'
items:
@ -1473,50 +1438,6 @@ spec:
type: string
type: object
type: array
users:
description: pgAdmin users that are managed via the PGAdmin spec.
Users can still be added via the pgAdmin GUI, but those users will
not show up here.
items:
properties:
passwordRef:
description: A reference to the secret that holds the user's
password.
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
optional:
description: Specify whether the Secret or its key must
be defined
type: boolean
required:
- key
type: object
role:
description: Role determines whether the user has admin privileges
or not. Defaults to User. Valid options are Administrator
and User.
enum:
- Administrator
- User
type: string
username:
description: The username for User in pgAdmin. Must be unique
in the pgAdmin's users list.
type: string
required:
- passwordRef
- username
type: object
type: array
x-kubernetes-list-map-keys:
- username
x-kubernetes-list-type: map
required:
- dataVolumeClaimSpec
type: object
@ -1524,8 +1445,9 @@ spec:
description: PGAdminStatus defines the observed state of PGAdmin
properties:
conditions:
description: 'conditions represent the observations of pgAdmin''s
current state. Known .status.conditions.type is: "PersistentVolumeResizing"'
description: 'conditions represent the observations of pgadmin''s
current state. Known .status.conditions.type are: "PersistentVolumeResizing",
"Progressing", "ProxyAvailable"'
items:
description: "Condition contains details for one aspect of the current
state of this API Resource. --- This struct is intended for direct
@ -1596,14 +1518,6 @@ spec:
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
imageSHA:
description: ImageSHA represents the image SHA for the container running
pgAdmin.
type: string
majorVersion:
description: MajorVersion represents the major version of the running
pgAdmin.
type: integer
observedGeneration:
description: observedGeneration represents the .metadata.generation
on which the status was based.


@ -2,11 +2,11 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
labels:
app.kubernetes.io/name: pgo
app.kubernetes.io/version: 5.6.0
app.kubernetes.io/version: 5.5.0
name: pgupgrades.postgres-operator.crunchydata.com
spec:
group: postgres-operator.crunchydata.com


@ -2,11 +2,11 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.0
controller-gen.kubebuilder.io/version: v0.8.0
creationTimestamp: null
labels:
app.kubernetes.io/name: pgo
app.kubernetes.io/version: 5.6.0
app.kubernetes.io/version: 5.5.0
name: postgresclusters.postgres-operator.crunchydata.com
spec:
group: postgres-operator.crunchydata.com
@ -2695,7 +2695,7 @@ spec:
- bucket
type: object
name:
description: The name of the repository
description: The name of the the repository
pattern: ^repo[1-4]
type: string
s3:
@ -4438,10 +4438,10 @@ spec:
properties:
pgbackrest:
description: 'Defines a pgBackRest cloud-based data source that
can be used to pre-populate the PostgreSQL data directory for
a new PostgreSQL cluster using a pgBackRest restore. The PGBackRest
field is incompatible with the PostgresCluster field: only one
data source can be used for pre-populating a new PostgreSQL
can be used to pre-populate the the PostgreSQL data directory
for a new PostgreSQL cluster using a pgBackRest restore. The
PGBackRest field is incompatible with the PostgresCluster field:
only one data source can be used for pre-populating a new PostgreSQL
cluster'
properties:
affinity:
@ -5615,7 +5615,7 @@ spec:
- bucket
type: object
name:
description: The name of the repository
description: The name of the the repository
pattern: ^repo[1-4]
type: string
s3:
@ -10396,7 +10396,7 @@ spec:
description: 'Patroni dynamic configuration settings. Changes
to this value will be automatically reloaded without validation.
Changes to certain PostgreSQL parameters cause PostgreSQL to
restart. More info: https://patroni.readthedocs.io/en/latest/dynamic_configuration.html'
restart. More info: https://patroni.readthedocs.io/en/latest/SETTINGS.html'
type: object
x-kubernetes-preserve-unknown-fields: true
leaderLeaseDurationSeconds:
@ -13060,18 +13060,6 @@ spec:
service:
description: Specification of the service that exposes PgBouncer.
properties:
externalTrafficPolicy:
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies'
enum:
- Cluster
- Local
type: string
internalTrafficPolicy:
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies'
enum:
- Cluster
- Local
type: string
metadata:
description: Metadata contains metadata for custom resources
properties:
@ -13331,66 +13319,10 @@ spec:
required:
- pgBouncer
type: object
replicaService:
description: Specification of the service that exposes PostgreSQL
replica instances
properties:
externalTrafficPolicy:
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies'
enum:
- Cluster
- Local
type: string
internalTrafficPolicy:
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies'
enum:
- Cluster
- Local
type: string
metadata:
description: Metadata contains metadata for custom resources
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
nodePort:
description: The port on which this service is exposed when type
is NodePort or LoadBalancer. Value must be in-range and not
in use or the operation will fail. If unspecified, a port will
be allocated if this Service requires one. - https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport
format: int32
type: integer
type:
default: ClusterIP
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types'
enum:
- ClusterIP
- NodePort
- LoadBalancer
type: string
type: object
service:
description: Specification of the service that exposes the PostgreSQL
primary instance.
properties:
externalTrafficPolicy:
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies'
enum:
- Cluster
- Local
type: string
internalTrafficPolicy:
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies'
enum:
- Cluster
- Local
type: string
metadata:
description: Metadata contains metadata for custom resources
properties:
@ -14861,18 +14793,6 @@ spec:
service:
description: Specification of the service that exposes pgAdmin.
properties:
externalTrafficPolicy:
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies'
enum:
- Cluster
- Local
type: string
internalTrafficPolicy:
description: 'More info: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies'
enum:
- Cluster
- Local
type: string
metadata:
description: Metadata contains metadata for custom resources
properties:
@ -15128,14 +15048,8 @@ spec:
options:
description: 'ALTER ROLE options except for PASSWORD. This field
is ignored for the "postgres" user. More info: https://www.postgresql.org/docs/current/role-attributes.html'
maxLength: 200
pattern: ^[^;]*$
type: string
x-kubernetes-validations:
- message: cannot assign password
rule: '!self.matches("(?i:PASSWORD)")'
- message: cannot contain comments
rule: '!self.matches("(?:--|/[*]|[*]/)")'
password:
description: Properties of the password generated for this user.
properties:
@ -15156,7 +15070,6 @@ spec:
required:
- name
type: object
maxItems: 64
type: array
x-kubernetes-list-map-keys:
- name
@ -15244,11 +15157,6 @@ spec:
description: Current state of PostgreSQL instances.
items:
properties:
desiredPGDataVolume:
additionalProperties:
type: string
description: Desired Size of the pgData volume
type: object
name:
type: string
readyReplicas:
@ -15383,7 +15291,7 @@ spec:
type: boolean
repoOptionsHash:
description: A hash of the required fields in the spec for
defining an Azure, GCS or S3 repository, Utilized to detect
defining an Azure, GCS or S3 repository, Utilizd to detect
changes to these fields and then execute pgBackRest stanza-create
commands accordingly.
type: string
@ -15517,6 +15425,8 @@ spec:
type: object
type: object
registrationRequired:
description: Version information for installations with a registration
requirement.
properties:
pgoVersion:
type: string
@ -15529,6 +15439,8 @@ spec:
description: The instance set associated with the startupInstance
type: string
tokenRequired:
description: Signals the need for a token to be applied when registration
is required.
type: string
userInterface:
description: Current state of the PostgreSQL user interface.
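Review bot: In the `options` property hunk (`@ -15128,14 +15048,8 @@`), the 5.5.0 schema no longer carries `maxLength: 200` or the two `x-kubernetes-validations` rules ("cannot assign password", "cannot contain comments"), and the following hunk drops `maxItems: 64` on the users list. Going by the hunk header counts, only `pattern: ^[^;]*$` remains as admission-time validation for the ALTER ROLE options string. Whether the 5.5.0 operator applies equivalent checks itself is not visible here, so anyone allowed to edit PostgresCluster users should be treated as able to submit less-constrained option text. Since this CRD is generated, the practical fix is to keep the 5.6.0 CRD and operator rather than hand-edit the schema. If the downgrade is intentional, record it next to the version label with a comment such as `# 5.5.0 CRD lacks the CEL validation on spec.users[].options; restrict who can edit PostgresCluster objects`.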


@ -13,7 +13,7 @@ images:
newTag: v2.10.1
- name: provisioner
newName: registry.k8s.io/sig-storage/csi-provisioner
newTag: v5.0.2
newTag: v5.0.1
- name: csi
newName: code.icb4dc0.de/infrastructure/csi-s3
newTag: 0.38.3


@ -6,7 +6,7 @@ namespace: snips
images:
- name: snips
newName: ghcr.io/robherley/snips.sh
newTag: v0.4.0
newTag: v0.3.2
- name: litestream
newName: code.icb4dc0.de/infrastructure/litestream
newTag: "0.3.14-rc1"


@ -6,7 +6,7 @@ namespace: umami
images:
- name: umami
newName: ghcr.io/umami-software/umami
newTag: postgresql-v2.12.1
newTag: postgresql-v2.11.3
labels:
- includeSelectors: true

Binary file not shown.


@ -12,7 +12,7 @@ labels:
images:
- name: vaultwarden
newName: ghcr.io/dani-garcia/vaultwarden
newTag: "1.31.0-alpine"
newTag: "1.30.5-alpine"
resources:
- "resources/namespace.yaml"


@ -9,8 +9,6 @@ metadata:
app.kubernetes.io/part-of: vikunja
spec:
replicas: 2
nodeSelector:
kubernetes.io/arch: arm64
resources:
requests:
cpu: 50m