From 50acf9c1354267091c53ffed70d33f33e92e1910 Mon Sep 17 00:00:00 2001 From: Madison Grubb Date: Fri, 29 Aug 2025 16:15:32 -0400 Subject: [PATCH] sync latest changes --- authentik-chart.yml | 15 ++++++++------- cert-manager-chart.yml | 5 +++-- gitea-chart.yml | 8 +++++--- ingress-nginx-chart.yml | 5 ++--- jellyfin-chart.yml | 20 +++++++++++++++++++- jellyfin-nfs.yml | 2 +- kube-prometheus-stack-chart.yml | 20 +++++++++++--------- longhorn-chart.yml | 4 +++- metallb-chart.yml | 6 +++--- nextcloud-chart.yml | 4 +++- ollama-chart.yml | 26 ++++++++++++++++++++++++++ openwebui-chart.yml | 27 ++++++++++++++++++++++++--- victorialogs-chart.yml | 20 ++++++++++++++++++++ woodpecker-ci-chart.yml | 9 ++++++--- 14 files changed, 134 insertions(+), 37 deletions(-) create mode 100644 ollama-chart.yml create mode 100644 victorialogs-chart.yml diff --git a/authentik-chart.yml b/authentik-chart.yml index cb4e5bd..28e44ff 100644 --- a/authentik-chart.yml +++ b/authentik-chart.yml @@ -8,7 +8,7 @@ spec: targetNamespace: authentik repo: https://charts.goauthentik.io # https://artifacthub.io/packages/helm/goauthentik/authentik - version: 2025.6.3 + version: 2025.8.1 valuesContent: |- authentik: secret_key: "0hETw0LhioALQ6vhNTiN5MuW1349KjPlol3Q3D6sC8BV+IlzyhIfZYth/7WapdmOM8ib3qyyGLC5/8Xk" @@ -26,12 +26,13 @@ spec: - secretName: authentik-tls hosts: - login.keligrubb.com - # metrics: - # enabled: true - # serviceMonitor: - # enabled: true - # labels: - # release: prometheus + worker: + metrics: + enabled: true + serviceMonitor: + enabled: true + labels: + release: prometheus postgresql: enabled: true auth: diff --git a/cert-manager-chart.yml b/cert-manager-chart.yml index b9e38f6..b8e3ed6 100644 --- a/cert-manager-chart.yml +++ b/cert-manager-chart.yml 
@@ -8,12 +8,13 @@ spec: targetNamespace: cert-manager repo: https://charts.jetstack.io # https://artifacthub.io/packages/helm/cert-manager/cert-manager - version: 1.17.2 + version: 1.18.2 valuesContent: |- prometheus: enabled: true servicemonitor: enabled: true - installCRDs: true + crds: + enabled: true extraArgs: - --dns01-recursive-nameservers-only diff --git a/gitea-chart.yml b/gitea-chart.yml index a16a68d..6cd5b6c 100644 --- a/gitea-chart.yml +++ b/gitea-chart.yml @@ -1,5 +1,3 @@ -# helm repo add gitea-charts https://dl.gitea.io/charts/ -# helm install gitea gitea-charts/gitea apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: @@ -10,7 +8,7 @@ spec: targetNamespace: git repo: https://dl.gitea.io/charts/ # https://gitea.com/gitea/helm-chart/releases - version: 12.1.1 + version: 12.2.0 valuesContent: |- resources: limits: @@ -26,6 +24,7 @@ spec: gitea: admin: email: keligrubb324@gmail.com + password: B@ssguitar324 metrics: enabled: true serviceMonitor: @@ -33,6 +32,9 @@ spec: config: ui: DEFAULT_THEME: gitea-dark + service: + ENABLE_PASSWORD_SIGNIN_FORM: false + ENABLE_BASIC_AUTHENTICATION: false database: DB_TYPE: sqlite3 NAME: /data/gitea/gitea.db diff --git a/ingress-nginx-chart.yml b/ingress-nginx-chart.yml index 618a0d5..74c2fb6 100644 --- a/ingress-nginx-chart.yml +++ b/ingress-nginx-chart.yml @@ -8,7 +8,7 @@ spec: targetNamespace: ingress-nginx repo: https://kubernetes.github.io/ingress-nginx # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx - version: 4.12.2 + version: 4.13.1 valuesContent: |- controller: metrics: @@ -29,5 +29,4 @@ spec: allowSnippetAnnotations: true config: annotations-risk-level: Critical - tcp: - 22: git/gitea-ssh:22 + strict-validate-path-type: false diff --git a/jellyfin-chart.yml b/jellyfin-chart.yml index 0bfd026..e44efa5 100644 --- a/jellyfin-chart.yml +++ b/jellyfin-chart.yml 
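Review bot: The added `password:` line under `gitea.admin` in gitea-chart.yml commits the admin credential in cleartext, so anyone who can read the repository or its history has it. The same pattern is added in woodpecker-ci-chart.yml (`WOODPECKER_AGENT_SECRET` in both the server and agent `env`), and context lines show it already present for `secret_key` in authentik-chart.yml, `clientSecret` in openwebui-chart.yml and `WOODPECKER_GITEA_SECRET`. Treat these values as exposed and rotate them, then reference a Kubernetes Secret instead, as the Grafana values in kube-prometheus-stack-chart.yml already do with `secretKeyRef`; for Gitea, the chart's `gitea.admin.existingSecret: <secret-name>` replaces the inline password. The `valuesContent` block continues outside the hunk.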
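Review bot: The new `strict-validate-path-type: false` in the last ingress-nginx-chart.yml hunk turns off the controller's path validation, while the context lines above it already keep `allowSnippetAnnotations: true` and `annotations-risk-level: Critical`. Together these make the controller accept the widest possible input from any principal allowed to create or edit Ingress objects. If only one workload needs a non-standard path, consider leaving validation on and setting `pathType: ImplementationSpecific` on that Ingress instead. Otherwise add a comment such as `# needed by <workload>; revisit after the chart upgrade` so the relaxation is traceable. The `controller` values block starts outside the hunk.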
@@ -10,6 +10,8 @@ spec: # https://github.com/jellyfin/jellyfin-helm/releases version: 2.3.0 valuesContent: |- + image: + tag: "10.10.7" timezone: "America/New_York" ingress: enabled: true @@ -28,7 +30,23 @@ spec: persistence: config: enabled: true - size: 5Gi + size: 16Gi media: enabled: true existingClaim: "jellyfin-nfs-media-pvc" + securityContext: + capabilities: + add: + - "SYS_ADMIN" + drop: + - "ALL" + privileged: false + extraVolumes: + - name: hwa + hostPath: + path: /dev/dri + extraVolumeMounts: + - name: hwa + mountPath: /dev/dri + nodeSelector: + ai-capable: "true" diff --git a/jellyfin-nfs.yml b/jellyfin-nfs.yml index 176c42f..ccf0956 100644 --- a/jellyfin-nfs.yml +++ b/jellyfin-nfs.yml @@ -14,7 +14,7 @@ spec: - hard - nfsvers=4.1 nfs: - server: 192.168.1.153 + server: 192.168.1.159 path: "/mnt/homestead/jellyfin" --- diff --git a/kube-prometheus-stack-chart.yml b/kube-prometheus-stack-chart.yml index d1358d1..dd923f3 100644 --- a/kube-prometheus-stack-chart.yml +++ b/kube-prometheus-stack-chart.yml @@ -8,7 +8,7 @@ spec: targetNamespace: monitoring repo: https://prometheus-community.github.io/helm-charts # https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack - version: 75.9.0 + version: 76.5.0 valuesContent: |- grafana: envValueFrom: @@ -17,6 +17,8 @@ spec: name: authentik-oauth-client-secret key: client-secret defaultDashboardsTimezone: "US/Eastern" + plugins: + - victoriametrics-logs-datasource ingress: enabled: true ingressClassName: nginx 
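Review bot: The `securityContext` added in the second jellyfin-chart.yml hunk drops `ALL` capabilities but then adds `SYS_ADMIN`, which restores most of what `privileged: false` is meant to withhold (mounts, namespace operations and more). Access to the `/dev/dri` render nodes is normally governed by the device files' group ownership rather than by a capability. A pod-level `supplementalGroups: [<render-gid-on-node>]` with no `capabilities.add` is probably enough, though this should be confirmed on the `ai-capable` node. The `hostPath` volume would also benefit from `type: Directory`, so that a missing device directory fails the pod instead of being mounted as an empty path.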
@@ -46,12 +48,12 @@ spec: token_url: "https://login.keligrubb.com/application/o/token/" api_url: "https://login.keligrubb.com/application/o/userinfo/" role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' - # additionalDataSources: - # - name: Loki - # type: loki - # access: proxy - # basicAuth: false - # url: http://loki-gateway.monitoring.svc.cluster.local + additionalDataSources: + - name: VictoriaLogs + type: victoriametrics-logs-datasource + access: proxy + basicAuth: false + url: http://victoria-logs-victoria-logs-single-server.monitoring.svc.cluster.local:9428 config: auth: signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/" @@ -100,8 +102,8 @@ spec: serviceMonitorSelectorNilUsesHelmValues: false podMonitorSelectorNilUsesHelmValues: false probeSelectorNilUsesHelmValues: fales - retention: 30d - retentionSize: "64GB" + retention: 14d + retentionSize: "16GB" enableAdminAPI: true securityContext: runAsUser: 0 diff --git a/longhorn-chart.yml b/longhorn-chart.yml index e0a6121..f5f26c3 100644 --- a/longhorn-chart.yml +++ b/longhorn-chart.yml @@ -8,7 +8,7 @@ spec: targetNamespace: longhorn-system repo: https://charts.longhorn.io # https://artifacthub.io/packages/helm/longhorn/longhorn - version: 1.8.1 + version: 1.9.1 valuesContent: |- ingress: enabled: true @@ -29,3 +29,5 @@ spec: defaultSettings: defaultReplicaCount: 1 storageOverProvisioningPercentage: 100 + persistence: + defaultClassReplicaCount: 2 diff --git a/metallb-chart.yml b/metallb-chart.yml index cec0671..0d3139e 100644 --- a/metallb-chart.yml +++ b/metallb-chart.yml @@ -10,7 +10,7 @@ spec: targetNamespace: metallb-system repo: https://metallb.github.io/metallb # https://artifacthub.io/packages/helm/metallb/metallb - version: 0.14.9 + version: 0.15.2 valuesContent: |- prometheus: serviceMonitor: 
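Review bot: The retention hunk in kube-prometheus-stack-chart.yml (`@@ -100,8 +102,8 @@`) still carries `probeSelectorNilUsesHelmValues: fales` in its context. This misspelling is parsed as a string rather than a boolean, so its effect depends on how the chart template tests the value; it should read `probeSelectorNilUsesHelmValues: false`. The neighbouring `enableAdminAPI: true` and `runAsUser: 0` are also unchanged. The admin API exposes series-deletion and snapshot endpoints to anything that can reach Prometheus, so either drop it or add a comment such as `# admin API required for <reason>`. The `prometheusSpec` block starts and ends outside the hunk.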
@@ -31,7 +31,7 @@ spec: resources: requests: cpu: 100m - memory: 100Mi + memory: 200Mi limits: cpu: 100m - memory: 100Mi + memory: 200Mi diff --git a/nextcloud-chart.yml b/nextcloud-chart.yml index 35d5d2b..24e6d6a 100644 --- a/nextcloud-chart.yml +++ b/nextcloud-chart.yml @@ -8,7 +8,7 @@ spec: targetNamespace: nextcloud repo: https://nextcloud.github.io/helm/ # https://artifacthub.io/packages/helm/nextcloud/nextcloud - version: 6.6.10 + version: 7.0.2 valuesContent: |- # resources: # requests: @@ -105,3 +105,5 @@ spec: nextcloudData.size: 256Gi cronjob: enabled: true + nodeSelector: + ai-capable: "true" diff --git a/ollama-chart.yml b/ollama-chart.yml new file mode 100644 index 0000000..c0b68ec --- /dev/null +++ b/ollama-chart.yml @@ -0,0 +1,26 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: ollama + namespace: open-webui +spec: + repo: https://helm.otwld.com/ + chart: ollama + targetNamespace: open-webui + createNamespace: true + # https://artifacthub.io/packages/helm/ollama-helm/ollama + version: 1.28.0 + valuesContent: |- + ollama: + models: + pull: + - llama3.1:8b + - gemma3:4b + - gemma3n:e4b + - qwen2.5-coder:7b + - qwen3:8b + persistence: + enabled: true + size: 32Gi + nodeSelector: + ai-capable: "true" diff --git a/openwebui-chart.yml b/openwebui-chart.yml index a1e91c1..0ae4e5f 100644 --- a/openwebui-chart.yml +++ b/openwebui-chart.yml 
@@ -7,23 +7,35 @@ spec: repo: https://helm.openwebui.com/ chart: open-webui targetNamespace: open-webui + # https://artifacthub.io/packages/helm/open-webui/open-webui + version: 7.7.0 valuesContent: |- - logging: - level: "debug" + ollama: + enabled: false + ollamaUrls: + - "http://ollama.open-webui.svc.cluster.local:11434" + pipelines: + enabled: false ingress: enabled: true class: "nginx" annotations: cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer" + nginx.ingress.kubernetes.io/proxy-buffering: "off" + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-body-size: "0" host: "ai.keligrubb.com" tls: true existingSecret: "open-webui-tls" persistence: enabled: true - size: 64Gi + size: 8Gi sso: enabled: true enableRoleManagement: true + enableGroupManagement: true + enableSignup: true roleManagement: rolesClaim: "groups" adminRoles: "authentik Admins" @@ -33,3 +45,12 @@ spec: clientId: "xCwvgZsb5376ZWjvGpjNfagYKseLcnGjBYaqnJwl" clientSecret: "WN0CyvBG6tXkUmiXIm3UH7EtOml0UkcHV35jYbuuQ4nDN52jLDwSDg9XEAuEz4hs69FcbNPn8hYl21z2091P6AWOb186kcMr4an2dNIa3D82O092pPadQewQFZXijuNh" providerUrl: "https://login.keligrubb.com/application/o/luma/.well-known/openid-configuration" + extraEnvVars: + - name: OPENID_REDIRECT_URI + value: "https://ai.keligrubb.com/oauth/oidc/callback" + - name: ENABLE_LOGIN_FORM + value: "False" + - name: ENABLE_OAUTH_PERSISTENT_CONFIG + value: "False" + nodeSelector: + ai-capable: "true" diff --git a/victorialogs-chart.yml b/victorialogs-chart.yml new file mode 100644 index 0000000..32f7700 --- /dev/null +++ b/victorialogs-chart.yml 
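Review bot: The `enableSignup: true` added under `sso` in the first openwebui-chart.yml hunk means every identity the authentik provider can authenticate gets an account provisioned on first login. The role such an account receives when it matches no `adminRoles` group is not visible in this hunk. Confirm that the authentik application is bound to the intended groups only, and record that next to the setting, e.g. `# signup limited by authentik application policy`. The same hunk sets `nginx.ingress.kubernetes.io/proxy-body-size: "0"`, which removes the request-size limit on a public host; a finite bound such as `"<max-upload-size>"` keeps uploads working without accepting unbounded bodies.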
@@ -0,0 +1,20 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: victoria-logs + namespace: monitoring +spec: + chart: victoria-logs-single + repo: https://victoriametrics.github.io/helm-charts/ + targetNamespace: monitoring + version: 0.11.6 + valuesContent: |- + server: + enabled: true + retentionPeriod: 14d + persistentVolume: + enabled: true + storageClass: longhorn + size: 20Gi + vector: + enabled: true diff --git a/woodpecker-ci-chart.yml b/woodpecker-ci-chart.yml index 1b5d3e6..f3c5a01 100644 --- a/woodpecker-ci-chart.yml +++ b/woodpecker-ci-chart.yml @@ -6,6 +6,7 @@ metadata: spec: chart: oci://ghcr.io/woodpecker-ci/helm/woodpecker targetNamespace: git + version: 3.3.0 valuesContent: |- server: host: "ci.keligrubb.com" @@ -18,6 +19,8 @@ spec: WOODPECKER_GITEA_URL: "https://git.keligrubb.com" WOODPECKER_GITEA_CLIENT: "15006ffa-071e-4edb-80f3-8dae4ebf450c" WOODPECKER_GITEA_SECRET: "gto_qo4svebb6jmjmty3scezsswxqygquf45osrmd5dfigktvemqlh7a" + WOODPECKER_AGENT_SECRET: "b81ad793422b24789a080af2ba26ec948248d578a5058be4d44cf783afdbf6b8" + WOODPECKER_ADMIN: "keligrubb" ingress: enabled: true ingressClassName: "nginx" @@ -34,8 +37,8 @@ spec: hosts: - "ci.keligrubb.com" agent: - replicas: 1 env: WOODPECKER_BACKEND_K8S_NAMESPACE: git - WOODPECKER_MAX_WORKFLOWS: "2" - WOODPECKER_SERVER: "woodpecker-ci-server.git.svc.cluster.local:9000" + WOODPECKER_BACKEND: kubernetes + WOODPECKER_SERVER: "woodpecker-ci-server:9000" + WOODPECKER_AGENT_SECRET: "b81ad793422b24789a080af2ba26ec948248d578a5058be4d44cf783afdbf6b8"
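Review bot: The agent `env` in the last woodpecker-ci-chart.yml hunk now sets `WOODPECKER_BACKEND: kubernetes` and keeps `WOODPECKER_BACKEND_K8S_NAMESPACE: git`, so pipeline pods that run repository-controlled steps are created in the namespace that also holds Gitea and the Woodpecker server. A dedicated namespace, e.g. `WOODPECKER_BACKEND_K8S_NAMESPACE: <ci-pipelines-namespace>`, would let the agent's RBAC and any NetworkPolicy be scoped to CI workloads only. This is inferred from the visible values; the agent's service-account permissions are defined by the chart and are not shown here.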