55 Commits

Author SHA1 Message Date
Jack Jackson
a90cc33d1c Add Plugins dir for Vault 2025-03-17 15:38:32 -07:00
Jack Jackson
d8cad832ba Switch Vault to Jsonnet definition
As a precursor to:
* Enabling Plugins
* So that I can get GitHub credentials from Vault via [this
    plugin](https://github.com/martinbaillie/vault-plugin-secrets-github)
* So that I can use [this history-syncing
    plugin](https://gitea.scubbo.org/scubbo/commit-report-sync) without
    needing to refresh tokens, including in _this_ repo.
* At which point I want to [use LetsEncrypt to provide certs for Traefik
   Ingresses](https://adamtheautomator.com/letsencrypt-with-k3s-kubernetes/#Ensuring_Seamless_Certificate_Renewals_with_a_ClusterIssuer)
* So that I can use Keycloak, which [demands an http
    scheme](https://github.com/keycloak/keycloak/issues/30977#issuecomment-2208679081).

What a deep rabbit-hole I am in! :)
2025-03-14 20:46:59 -07:00
Jack Jackson
fb7e8cd98e Migrate blog to a) -deployment repo, b) jsonnet-format definition 2025-02-26 19:35:53 -08:00
Jack Jackson
668e1c01bb Install openwebui 2025-02-06 21:01:30 -08:00
Jack Jackson
1b617368b8 Introduce Miniflux 2024-11-13 20:39:46 -08:00
Jack Jackson
2ff2c4224c Deploy edh-elo 2024-06-24 21:11:16 -07:00
Jack Jackson
4cc1c531e2 Provide a k8s secret containing Mastodon Access Token
To auto-post on publishing a new blog post.
2024-06-04 17:03:09 -07:00
Jack Jackson
496c2f13b0 Expand (and explicitly specify storageclass of) Vault storage
Due to a currently-unknown fault, my Vault storage got full up (I
_suspect_ it's due to not setting a default TTL on Tokens, and so they
all hung around. Surprised they were created at such a rate, but w/e). I
wasn't able to directly expand the volume - and, anyway, it's on
Longhorn which is a Storage Provisioner that I'm moving away from - so
the solution was to:
* Create a temporary PV (on FreeNAS, though that doesn't actually
  matter) and copy data onto it (by mounting both it and the existing
  Volume onto a debug pod, using a variant of [this
  script](https://blog.scubbo.org/posts/pvc-debug-pod/))
* Delete the existing PVC and PV
* Make this update, and sync
  * A new _empty_ PV will be created (and probably populated with some
    stuff)
* Scale-down the StatefulSet, do the double-mount-to-debug-pod trick
  again, and copy data from the temporary PV onto this one
* Delete Debug Pod, re-scale-up StatefulSet...and hope that there's
  nothing stateful in the data which means that copying it from one
  volume to another makes it invalid (e.g. if encrypted with an
  encryption key which would change on a new spin-up of the pod - which
  _seems_ unlikely, but 🤷)
2024-06-04 14:07:45 -07:00
Jack Jackson
e798564692 First steps in Crossplane-Vault integration 2024-05-08 23:45:39 -07:00
Jack Jackson
4c82c014f8 Add vault-sourced secret in Drone setup 2024-04-21 14:02:43 -07:00
Jack Jackson
1926560274 Jsonnify Drone 2024-04-21 13:08:41 -07:00
Jack Jackson
b856fd2bc5 Set up Vault Secrets Operator
Prerequisite that Vault is configured with authentication per
https://developer.hashicorp.com/vault/tutorials/kubernetes/vault-secrets-operator#configure-vault

The plan would eventually be to manage Vault objects via
[Crossplane](https://www.crossplane.io/).
2024-04-21 12:46:01 -07:00
Jack Jackson
3140ea8b0d Correctly represent env variable 2024-04-20 13:45:13 -07:00
Jack Jackson
185af7901a Remove initContainer backup approach 2024-04-20 13:21:41 -07:00
Jack Jackson
b4c9947e4c Try including date in backup name 2024-04-19 21:32:13 -07:00
Jack Jackson
6d338157fa Put Keycloak backup volumes in right namespace 2024-04-19 21:01:26 -07:00
Jack Jackson
40427c0426 Add Keycloak Backup job 2024-04-06 17:33:07 -07:00
Jack Jackson
a98d915658 Add backup as crontab 2024-04-06 14:53:42 -07:00
Jack Jackson
68f83a23b3 Install keycloak 2024-04-06 13:20:14 -07:00
Jack Jackson
de944bac48 Remove Grafana Oncall 2024-03-12 19:10:13 -07:00
Jack Jackson
b107f1e839 Dehelmify, and install Crossplane via Jsonnet
Need to remove `Chart.yaml` so that Argo doesn't try to treat
`app-of-apps/` as a Helm application (because that would stop it from
using Jsonnet parsing).
2024-03-12 18:49:06 -07:00
Jack Jackson
3dfc818f5f First attempt at installing OpenProject 2024-01-14 20:00:56 -08:00
Jack Jackson
feee5d6979 Add Blog application 2023-11-24 14:28:36 -08:00
Jack Jackson
ab1bc63f84 Re-enable Vault
Note that I was wrong before - there was no need to disable while
setting up TrueNAS, because Vault suggests using integrated storage.
2023-10-30 22:13:46 -07:00
Jack Jackson
0bc8d9b219 Temporarily delete Vault app while I reconfigure TrueNAS 2023-09-23 19:13:59 -07:00
Jack Jackson
9689cbc52e Enable Ingress 2023-09-20 21:38:34 -07:00
Jack Jackson
1dd97e7338 Deploy Vault 2023-09-20 20:53:44 -07:00
Jack Jackson
311c15b4a8 Update Oncall versions 2023-08-26 18:34:10 -07:00
Jack Jackson
22bc25bc1d Update to latest Grafana version 2023-08-26 17:41:26 -07:00
Jack Jackson
f73941fb8c Add Private Apps 2023-08-05 18:54:57 -07:00
Jack Jackson
a0957a85ea Re-add Oncall, having removed Retained PersistentVolumes 2023-07-27 17:31:35 -07:00
Jack Jackson
f22892e482 Remove Oncall - still need postgres password passthrough 2023-07-26 21:48:38 -07:00
Jack Jackson
f2cd112341 Re-enable Grafana Oncall
Setting redis `nodeSelector` as per [Bitnami
chart](https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml)
2023-07-26 21:08:38 -07:00
Jack Jackson
9fdb389814 Disable Grafana Oncall 2023-07-26 19:53:08 -07:00
Jack Jackson
ed039061bd Try Grafana Oncall on x86 2023-07-26 19:21:17 -07:00
Jack Jackson
2b1e5e7f5b Remove Ceph/Rook charts 2023-07-24 17:42:00 -07:00
Jack Jackson
91d7b2cc72 Disable values.yaml (PVC-based means look _elsewhere_ for storage, not to provide _via_ storage) 2023-07-23 15:30:42 -07:00
Jack Jackson
3b10ad2abd Create Ceph cluster 2023-07-23 14:21:03 -07:00
Jack Jackson
0534e973de Install Rook to expected namespace 2023-07-23 13:56:06 -07:00
Jack Jackson
f7de513633 Specify version of rook-ceph chart 2023-07-23 13:48:13 -07:00
Jack Jackson
324479a769 Deploy Ceph Operator 2023-07-23 13:36:33 -07:00
Jack Jackson
84d5759cda Prometheus and Grafana tolerate x86 2023-07-18 11:02:07 -07:00
Jack Jackson
9e28dd26de Disable Grafana Oncall 2023-07-16 21:43:19 -07:00
Jack Jackson
86b2b339a8 Add Drone 2023-07-11 19:45:42 -07:00
Jack Jackson
1f455c9e34 Add Grafana-oncall 2023-06-28 20:11:56 -07:00
Jack Jackson
a2d2e9cdc4 Add Ombi 2023-06-28 11:58:24 -07:00
Jack Jackson
e0536fd808 Add ProtonVPN 2023-06-27 20:44:22 -07:00
Jack Jackson
b9325384f1 Grafana Persistence ReadWriteMany
https://stackoverflow.com/questions/70945223/kubernetes-multi-attach-error-for-volume-pvc-volume-is-already-exclusively-att
2023-06-26 22:44:53 -07:00
Jack Jackson
7041bc3757 Move Grafana values to block-file format 2023-06-26 22:30:40 -07:00
Jack Jackson
a66af40b62 Add Prometheus as Datasource to Grafana 2023-06-23 20:13:56 -07:00