keligrubb/kubernetes
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

sync latest changes

Browse Source
This commit is contained in:
Madison Grubb
2025-08-29 16:15:32 -04:00
parent bc2debdea0
commit 50acf9c135
14 changed files with 134 additions and 37 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
authentik-chart.yml
View File

@@ -8,7 +8,7 @@ spec:
targetNamespace: authentik targetNamespace: authentik
repo: https://charts.goauthentik.io repo: https://charts.goauthentik.io
# https://artifacthub.io/packages/helm/goauthentik/authentik # https://artifacthub.io/packages/helm/goauthentik/authentik
version: 2025.6.3 version: 2025.8.1
valuesContent: |- valuesContent: |-
authentik: authentik:
secret_key: "0hETw0LhioALQ6vhNTiN5MuW1349KjPlol3Q3D6sC8BV+IlzyhIfZYth/7WapdmOM8ib3qyyGLC5/8Xk" secret_key: "0hETw0LhioALQ6vhNTiN5MuW1349KjPlol3Q3D6sC8BV+IlzyhIfZYth/7WapdmOM8ib3qyyGLC5/8Xk"
@@ -26,12 +26,13 @@ spec:
- secretName: authentik-tls - secretName: authentik-tls
hosts: hosts:
- login.keligrubb.com - login.keligrubb.com
# metrics: worker:
# enabled: true metrics:
# serviceMonitor: enabled: true
# enabled: true serviceMonitor:
# labels: enabled: true
# release: prometheus labels:
release: prometheus
postgresql: postgresql:
enabled: true enabled: true
auth: auth:

5
cert-manager-chart.yml
View File

@@ -8,12 +8,13 @@ spec:
targetNamespace: cert-manager targetNamespace: cert-manager
repo: https://charts.jetstack.io repo: https://charts.jetstack.io
# https://artifacthub.io/packages/helm/cert-manager/cert-manager # https://artifacthub.io/packages/helm/cert-manager/cert-manager
version: 1.17.2 version: 1.18.2
valuesContent: |- valuesContent: |-
prometheus: prometheus:
enabled: true enabled: true
servicemonitor: servicemonitor:
enabled: true enabled: true
installCRDs: true crds:
enabled: true
extraArgs: extraArgs:
- --dns01-recursive-nameservers-only - --dns01-recursive-nameservers-only

8
gitea-chart.yml
View File

@@ -1,5 +1,3 @@
# helm repo add gitea-charts https://dl.gitea.io/charts/
# helm install gitea gitea-charts/gitea
apiVersion: helm.cattle.io/v1 apiVersion: helm.cattle.io/v1
kind: HelmChart kind: HelmChart
metadata: metadata:
@@ -10,7 +8,7 @@ spec:
targetNamespace: git targetNamespace: git
repo: https://dl.gitea.io/charts/ repo: https://dl.gitea.io/charts/
# https://gitea.com/gitea/helm-chart/releases # https://gitea.com/gitea/helm-chart/releases
version: 12.1.1 version: 12.2.0
valuesContent: |- valuesContent: |-
resources: resources:
limits: limits:
@@ -26,6 +24,7 @@ spec:
gitea: gitea:
admin: admin:
email: keligrubb324@gmail.com email: keligrubb324@gmail.com
password: B@ssguitar324
metrics: metrics:
enabled: true enabled: true
serviceMonitor: serviceMonitor:
@@ -33,6 +32,9 @@ spec:
config: config:
ui: ui:
DEFAULT_THEME: gitea-dark DEFAULT_THEME: gitea-dark
service:
ENABLE_PASSWORD_SIGNIN_FORM: false
ENABLE_BASIC_AUTHENTICATION: false
database: database:
DB_TYPE: sqlite3 DB_TYPE: sqlite3
NAME: /data/gitea/gitea.db NAME: /data/gitea/gitea.db

5
ingress-nginx-chart.yml
View File

@@ -8,7 +8,7 @@ spec:
targetNamespace: ingress-nginx targetNamespace: ingress-nginx
repo: https://kubernetes.github.io/ingress-nginx repo: https://kubernetes.github.io/ingress-nginx
# https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx # https://artifacthub.io/packages/helm/ingress-nginx/ingress-nginx
version: 4.12.2 version: 4.13.1
valuesContent: |- valuesContent: |-
controller: controller:
metrics: metrics:
@@ -29,5 +29,4 @@ spec:
allowSnippetAnnotations: true allowSnippetAnnotations: true
config: config:
annotations-risk-level: Critical annotations-risk-level: Critical
tcp: strict-validate-path-type: false
22: git/gitea-ssh:22

20
jellyfin-chart.yml
View File

@@ -10,6 +10,8 @@ spec:
# https://github.com/jellyfin/jellyfin-helm/releases # https://github.com/jellyfin/jellyfin-helm/releases
version: 2.3.0 version: 2.3.0
valuesContent: |- valuesContent: |-
image:
tag: "10.10.7"
timezone: "America/New_York" timezone: "America/New_York"
ingress: ingress:
enabled: true enabled: true
@@ -28,7 +30,23 @@ spec:
persistence: persistence:
config: config:
enabled: true enabled: true
size: 5Gi size: 16Gi
media: media:
enabled: true enabled: true
existingClaim: "jellyfin-nfs-media-pvc" existingClaim: "jellyfin-nfs-media-pvc"
securityContext:
capabilities:
add:
- "SYS_ADMIN"
drop:
- "ALL"
privileged: false
extraVolumes:
- name: hwa
hostPath:
path: /dev/dri
extraVolumeMounts:
- name: hwa
mountPath: /dev/dri
nodeSelector:
ai-capable: "true"

2
jellyfin-nfs.yml
View File

@@ -14,7 +14,7 @@ spec:
- hard - hard
- nfsvers=4.1 - nfsvers=4.1
nfs: nfs:
server: 192.168.1.153 server: 192.168.1.159
path: "/mnt/homestead/jellyfin" path: "/mnt/homestead/jellyfin"
--- ---

20
kube-prometheus-stack-chart.yml
View File

@@ -8,7 +8,7 @@ spec:
targetNamespace: monitoring targetNamespace: monitoring
repo: https://prometheus-community.github.io/helm-charts repo: https://prometheus-community.github.io/helm-charts
# https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack # https://artifacthub.io/packages/helm/prometheus-community/kube-prometheus-stack
version: 75.9.0 version: 76.5.0
valuesContent: |- valuesContent: |-
grafana: grafana:
envValueFrom: envValueFrom:
@@ -17,6 +17,8 @@ spec:
name: authentik-oauth-client-secret name: authentik-oauth-client-secret
key: client-secret key: client-secret
defaultDashboardsTimezone: "US/Eastern" defaultDashboardsTimezone: "US/Eastern"
plugins:
- victoriametrics-logs-datasource
ingress: ingress:
enabled: true enabled: true
ingressClassName: nginx ingressClassName: nginx
@@ -46,12 +48,12 @@ spec:
token_url: "https://login.keligrubb.com/application/o/token/" token_url: "https://login.keligrubb.com/application/o/token/"
api_url: "https://login.keligrubb.com/application/o/userinfo/" api_url: "https://login.keligrubb.com/application/o/userinfo/"
role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer' role_attribute_path: contains(groups, 'Grafana Admins') && 'Admin' || contains(groups, 'Grafana Editors') && 'Editor' || 'Viewer'
# additionalDataSources: additionalDataSources:
# - name: Loki - name: VictoriaLogs
# type: loki type: victoriametrics-logs-datasource
# access: proxy access: proxy
# basicAuth: false basicAuth: false
# url: http://loki-gateway.monitoring.svc.cluster.local url: http://victoria-logs-victoria-logs-single-server.monitoring.svc.cluster.local:9428
config: config:
auth: auth:
signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/" signout_redirect_url: "https://login.keligrubb.com/application/o/grafana/end-session/"
@@ -100,8 +102,8 @@ spec:
serviceMonitorSelectorNilUsesHelmValues: false serviceMonitorSelectorNilUsesHelmValues: false
podMonitorSelectorNilUsesHelmValues: false podMonitorSelectorNilUsesHelmValues: false
probeSelectorNilUsesHelmValues: fales probeSelectorNilUsesHelmValues: fales
retention: 30d retention: 14d
retentionSize: "64GB" retentionSize: "16GB"
enableAdminAPI: true enableAdminAPI: true
securityContext: securityContext:
runAsUser: 0 runAsUser: 0

4
longhorn-chart.yml
View File

@@ -8,7 +8,7 @@ spec:
targetNamespace: longhorn-system targetNamespace: longhorn-system
repo: https://charts.longhorn.io repo: https://charts.longhorn.io
# https://artifacthub.io/packages/helm/longhorn/longhorn # https://artifacthub.io/packages/helm/longhorn/longhorn
version: 1.8.1 version: 1.9.1
valuesContent: |- valuesContent: |-
ingress: ingress:
enabled: true enabled: true
@@ -29,3 +29,5 @@ spec:
defaultSettings: defaultSettings:
defaultReplicaCount: 1 defaultReplicaCount: 1
storageOverProvisioningPercentage: 100 storageOverProvisioningPercentage: 100
persistence:
defaultClassReplicaCount: 2

6
metallb-chart.yml
View File

@@ -10,7 +10,7 @@ spec:
targetNamespace: metallb-system targetNamespace: metallb-system
repo: https://metallb.github.io/metallb repo: https://metallb.github.io/metallb
# https://artifacthub.io/packages/helm/metallb/metallb # https://artifacthub.io/packages/helm/metallb/metallb
version: 0.14.9 version: 0.15.2
valuesContent: |- valuesContent: |-
prometheus: prometheus:
serviceMonitor: serviceMonitor:
@@ -31,7 +31,7 @@ spec:
resources: resources:
requests: requests:
cpu: 100m cpu: 100m
memory: 100Mi memory: 200Mi
limits: limits:
cpu: 100m cpu: 100m
memory: 100Mi memory: 200Mi

4
nextcloud-chart.yml
View File

@@ -8,7 +8,7 @@ spec:
targetNamespace: nextcloud targetNamespace: nextcloud
repo: https://nextcloud.github.io/helm/ repo: https://nextcloud.github.io/helm/
# https://artifacthub.io/packages/helm/nextcloud/nextcloud # https://artifacthub.io/packages/helm/nextcloud/nextcloud
version: 6.6.10 version: 7.0.2
valuesContent: |- valuesContent: |-
# resources: # resources:
# requests: # requests:
@@ -105,3 +105,5 @@ spec:
nextcloudData.size: 256Gi nextcloudData.size: 256Gi
cronjob: cronjob:
enabled: true enabled: true
nodeSelector:
ai-capable: "true"

26
ollama-chart.yml Normal file
View File

@@ -0,0 +1,26 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: ollama
namespace: open-webui
spec:
repo: https://helm.otwld.com/
chart: ollama
targetNamespace: open-webui
createNamespace: true
# https://artifacthub.io/packages/helm/ollama-helm/ollama
version: 1.28.0
valuesContent: |-
ollama:
models:
pull:
- llama3.1:8b
- gemma3:4b
- gemma3n:e4b
- qwen2.5-coder:7b
- qwen3:8b
persistence:
enabled: true
size: 32Gi
nodeSelector:
ai-capable: "true"

27
openwebui-chart.yml
View File

@@ -7,23 +7,35 @@ spec:
repo: https://helm.openwebui.com/ repo: https://helm.openwebui.com/
chart: open-webui chart: open-webui
targetNamespace: open-webui targetNamespace: open-webui
# https://artifacthub.io/packages/helm/open-webui/open-webui
version: 7.7.0
valuesContent: |- valuesContent: |-
logging: ollama:
level: "debug" enabled: false
ollamaUrls:
- "http://ollama.open-webui.svc.cluster.local:11434"
pipelines:
enabled: false
ingress: ingress:
enabled: true enabled: true
class: "nginx" class: "nginx"
annotations: annotations:
cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer" cert-manager.io/cluster-issuer: "letsencrypt-cluster-issuer"
nginx.ingress.kubernetes.io/proxy-buffering: "off"
nginx.ingress.kubernetes.io/proxy-read-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-send-timeout: "3600"
nginx.ingress.kubernetes.io/proxy-body-size: "0"
host: "ai.keligrubb.com" host: "ai.keligrubb.com"
tls: true tls: true
existingSecret: "open-webui-tls" existingSecret: "open-webui-tls"
persistence: persistence:
enabled: true enabled: true
size: 64Gi size: 8Gi
sso: sso:
enabled: true enabled: true
enableRoleManagement: true enableRoleManagement: true
enableGroupManagement: true
enableSignup: true
roleManagement: roleManagement:
rolesClaim: "groups" rolesClaim: "groups"
adminRoles: "authentik Admins" adminRoles: "authentik Admins"
@@ -33,3 +45,12 @@ spec:
clientId: "xCwvgZsb5376ZWjvGpjNfagYKseLcnGjBYaqnJwl" clientId: "xCwvgZsb5376ZWjvGpjNfagYKseLcnGjBYaqnJwl"
clientSecret: "WN0CyvBG6tXkUmiXIm3UH7EtOml0UkcHV35jYbuuQ4nDN52jLDwSDg9XEAuEz4hs69FcbNPn8hYl21z2091P6AWOb186kcMr4an2dNIa3D82O092pPadQewQFZXijuNh" clientSecret: "WN0CyvBG6tXkUmiXIm3UH7EtOml0UkcHV35jYbuuQ4nDN52jLDwSDg9XEAuEz4hs69FcbNPn8hYl21z2091P6AWOb186kcMr4an2dNIa3D82O092pPadQewQFZXijuNh"
providerUrl: "https://login.keligrubb.com/application/o/luma/.well-known/openid-configuration" providerUrl: "https://login.keligrubb.com/application/o/luma/.well-known/openid-configuration"
extraEnvVars:
- name: OPENID_REDIRECT_URI
value: "https://ai.keligrubb.com/oauth/oidc/callback"
- name: ENABLE_LOGIN_FORM
value: "False"
- name: ENABLE_OAUTH_PERSISTENT_CONFIG
value: "False"
nodeSelector:
ai-capable: "true"

20
victorialogs-chart.yml Normal file
View File

@@ -0,0 +1,20 @@
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
name: victoria-logs
namespace: monitoring
spec:
chart: victoria-logs-single
repo: https://victoriametrics.github.io/helm-charts/
targetNamespace: monitoring
version: 0.11.6
valuesContent: |-
server:
enabled: true
retentionPeriod: 14d
persistentVolume:
enabled: true
storageClass: longhorn
size: 20Gi
vector:
enabled: true

9
woodpecker-ci-chart.yml
View File

@@ -6,6 +6,7 @@ metadata:
spec: spec:
chart: oci://ghcr.io/woodpecker-ci/helm/woodpecker chart: oci://ghcr.io/woodpecker-ci/helm/woodpecker
targetNamespace: git targetNamespace: git
version: 3.3.0
valuesContent: |- valuesContent: |-
server: server:
host: "ci.keligrubb.com" host: "ci.keligrubb.com"
@@ -18,6 +19,8 @@ spec:
WOODPECKER_GITEA_URL: "https://git.keligrubb.com" WOODPECKER_GITEA_URL: "https://git.keligrubb.com"
WOODPECKER_GITEA_CLIENT: "15006ffa-071e-4edb-80f3-8dae4ebf450c" WOODPECKER_GITEA_CLIENT: "15006ffa-071e-4edb-80f3-8dae4ebf450c"
WOODPECKER_GITEA_SECRET: "gto_qo4svebb6jmjmty3scezsswxqygquf45osrmd5dfigktvemqlh7a" WOODPECKER_GITEA_SECRET: "gto_qo4svebb6jmjmty3scezsswxqygquf45osrmd5dfigktvemqlh7a"
WOODPECKER_AGENT_SECRET: "b81ad793422b24789a080af2ba26ec948248d578a5058be4d44cf783afdbf6b8"
WOODPECKER_ADMIN: "keligrubb"
ingress: ingress:
enabled: true enabled: true
ingressClassName: "nginx" ingressClassName: "nginx"
@@ -34,8 +37,8 @@ spec:
hosts: hosts:
- "ci.keligrubb.com" - "ci.keligrubb.com"
agent: agent:
replicas: 1
env: env:
WOODPECKER_BACKEND_K8S_NAMESPACE: git WOODPECKER_BACKEND_K8S_NAMESPACE: git
WOODPECKER_MAX_WORKFLOWS: "2" WOODPECKER_BACKEND: kubernetes
WOODPECKER_SERVER: "woodpecker-ci-server.git.svc.cluster.local:9000" WOODPECKER_SERVER: "woodpecker-ci-server:9000"
WOODPECKER_AGENT_SECRET: "b81ad793422b24789a080af2ba26ec948248d578a5058be4d44cf783afdbf6b8"