DGSE/kubernetes
1
0
Fork 0
Code Issues 3 Pull Requests 8 Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: DGSE:renovate/vault-0.x
Branches Tags
DGSE:main DGSE:renovate/nextcloud-8.x DGSE:renovate/vaultwarden-0.x DGSE:renovate/penpot-0.x DGSE:renovate/external-secrets-2.x DGSE:renovate/cloudnative-pg-0.x DGSE:renovate/external-secrets-1.x DGSE:renovate/argoproj-argo-cd-3.x DGSE:renovate/vault-0.x
...
pull from: DGSE:renovate/cloudnative-pg-0.x
Branches Tags
DGSE:renovate/nextcloud-8.x DGSE:renovate/vaultwarden-0.x DGSE:renovate/penpot-0.x DGSE:renovate/external-secrets-2.x DGSE:renovate/cloudnative-pg-0.x DGSE:renovate/external-secrets-1.x DGSE:main DGSE:renovate/argoproj-argo-cd-3.x DGSE:renovate/vault-0.x

20 Commits
renovate/v ... renovate/c

Author SHA1 Message Date
Renovate Bot
32d82d01e8 chore(deps): update helm release cloudnative-pg to v0.27.1 2026-02-06 00:03:40 +00:00
Daniël Groothuis
9073ff9094 chore(osx): Added OSX container 2026-02-02 11:52:14 +01:00
Daniël Groothuis
52b3ee5eaa chore(osx): Added OSX container 2026-02-02 11:51:30 +01:00
Daniël Groothuis
078148732b chore(osx): Added OSX container 2026-02-02 11:47:26 +01:00
Daniël Groothuis
5a5caf45ee chore(osx): Added OSX container 2026-02-02 11:46:29 +01:00
Daniël Groothuis
2080d3d913 chore(osx): Added OSX container 2026-02-02 11:43:49 +01:00
Daniël Groothuis
797dc958d2 chore(osx): Added OSX container 2026-02-02 11:39:46 +01:00
Daniël Groothuis
bbfc8bbb27 Merge pull request 'chore(deps): update dependency argoproj/argo-cd to v3.2.6' (#35) from renovate/argoproj-argo-cd-3.x into main 
Reviewed-on: #35
 2026-01-24 16:00:25 +00:00
Daniël Groothuis
a5f0a6b081 Merge pull request 'chore(deps): update helm release penpot to v0.32.0' (#37) from renovate/penpot-0.x into main 
Reviewed-on: #37
 2026-01-24 15:58:56 +00:00
Daniël Groothuis
1bf0be751b Merge pull request 'chore(deps): update helm release gitea to v12.5.0' (#39) from renovate/gitea-12.x into main 
Reviewed-on: #39
 2026-01-24 15:55:26 +00:00
Daniël Groothuis
91ecd3b4c1 Update clusters/artemis/apps/kustomization.yaml 2026-01-24 15:46:50 +00:00
Daniël Groothuis
f5b3b5efe5 Update manifests/artemis/immich/volumeClaims.yaml 2026-01-24 15:42:58 +00:00
Daniël Groothuis
657c26e122 Update manifests/artemis/immich/values.yaml 2026-01-24 15:41:53 +00:00
Daniël Groothuis
49aa5f32f0 Update clusters/artemis/apps/external-secrets/application.yaml 2026-01-24 15:36:11 +00:00
Daniël Groothuis
a186c62acd Update manifests/artemis/mailu/kustomization.yaml 2026-01-24 15:14:42 +00:00
Daniël Groothuis
3818186562 Update manifests/artemis/mailu/kustomization.yaml 2026-01-24 15:12:53 +00:00
Daniël Groothuis
e2517be2b6 Update manifests/artemis/gitea/values.yaml 2026-01-24 15:07:09 +00:00
Renovate Bot
db123ab04f chore(deps): update helm release gitea to v12.5.0 2026-01-24 15:06:33 +00:00
Renovate Bot
2a206af9f6 chore(deps): update dependency argoproj/argo-cd to v3.2.6 2026-01-23 00:02:35 +00:00
Renovate Bot
1f12d004d7 chore(deps): update helm release penpot to v0.32.0 2026-01-07 21:39:10 +00:00
31 changed files with 230 additions and 465 deletions
Expand all files Collapse all files

1
clusters/artemis/apps/external-secrets/application.yaml
View File

@@ -18,6 +18,7 @@ spec:
name: in-cluster
syncPolicy:
syncOptions:
- ServerSideApply=true
- CreateNamespace=true
automated:
prune: true

6
clusters/artemis/apps/osx/app-project.yaml → clusters/artemis/apps/kaneo/app-project.yaml
View File

@@ -2,15 +2,15 @@
apiVersion: argoproj.io/v1alpha1
kind: AppProject
metadata:
name: osx
name: kaneo
spec:
description: osx container to proxy shortcuts
description: Project Management
sourceRepos:
- '*'
sourceNamespaces:
- '*'
destinations:
- namespace: 'osx'
- namespace: 'kaneo'
server: '*'
clusterResourceWhitelist:
- group: '*'

10
clusters/artemis/apps/osx/application.yaml → clusters/artemis/apps/kaneo/application.yaml
View File

@@ -1,20 +1,20 @@
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
name: osx
namespace: osx
name: kaneo
namespace: kaneo
labels:
platform.dgse.cloud/cluster: artemis
finalizers:
- resources-finalizer.argocd.argoproj.io
spec:
project: osx
project: kaneo
source:
repoURL: 'https://git.dgse.cloud/DGSE/kubernetes.git'
path: manifests/artemis/osx
path: manifests/artemis/kaneo
targetRevision: main
destination:
namespace: osx
namespace: kaneo
name: in-cluster
syncPolicy:
syncOptions:

0
clusters/artemis/apps/osx/kustomization.yaml → clusters/artemis/apps/kaneo/kustomization.yaml
View File

4
clusters/artemis/apps/kustomization.yaml
View File

@@ -13,9 +13,7 @@ resources:
- pocket-id
- vaultwarden
- mailu
- ntfy
- penpot
- immich
- digital-garden
- nextcloud
- osx
- kaneo

2
manifests/artemis/argocd/kustomization.yaml
View File

@@ -5,7 +5,7 @@ metadata:
name: argocd
resources:
- github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.2
- github.com/argoproj/argo-cd/manifests/cluster-install?ref=v3.2.6
- ingressRoute.yaml
- certificate.yaml
- backstage-sa.yaml

2
manifests/artemis/cnpg/kustomization.yaml
View File

@@ -7,6 +7,6 @@ metadata:
helmCharts:
- name: cloudnative-pg
repo: https://cloudnative-pg.github.io/charts
version: 0.26.1
version: 0.27.1
releaseName: cnpg
namespace: cnpg-system

2
manifests/artemis/gitea/kustomization.yaml
View File

@@ -7,7 +7,7 @@ metadata:
helmCharts:
- name: gitea
repo: https://dl.gitea.com/charts/
version: 12.4.0
version: 12.5.0
releaseName: gitea
namespace: gitea
valuesFile: values.yaml

8
manifests/artemis/gitea/values.yaml
View File

@@ -645,11 +645,11 @@ postgresql-ha:
password: changeme4
resources:
limits:
cpu: 1000m
memory: 1Gi
cpu: 2000m
memory: 2Gi
requests:
cpu: 750m
memory: 750Mi
cpu: 1500m
memory: 2Gi
## @param postgresql-ha.pgpool.adminPassword pgpool adminPassword
## @param postgresql-ha.pgpool.image.repository Image repository, eg. `bitnamilegacy/pgpool`.

2
manifests/artemis/immich/values.yaml
View File

@@ -94,7 +94,7 @@ server:
secretName: immich-tls
machine-learning:
enabled: true
enabled: false
controllers:
main:
containers:

24
manifests/artemis/immich/volumeClaims.yaml
View File

@@ -1,15 +1,15 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: immich-ml-pvc
spec:
storageClassName: local-path
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
# ---
# apiVersion: v1
# kind: PersistentVolumeClaim
# metadata:
# name: immich-ml-pvc
# spec:
# storageClassName: local-path
# accessModes:
# - ReadWriteOnce
# resources:
# requests:
# storage: 10Gi
---
apiVersion: v1
kind: PersistentVolumeClaim

16
manifests/artemis/kaneo/kustomization.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: kaneo
#resources:
# - secret.yaml
helmCharts:
- name: charts/kaneo
repo: https://github.com/usekaneo/kaneo
version: 0.1.0
releaseName: kaneo
namespace: kaneo
valuesFile: values.yaml

183
manifests/artemis/kaneo/values.yaml Normal file
View File

@@ -0,0 +1,183 @@
# Global values
nameOverride: ""
fullnameOverride: ""
replicaCount: 1
# Autoscaling configuration
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 10
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
# Pod configuration
podAnnotations: {}
podSecurityContext: {}
nodeSelector: {}
tolerations: []
affinity: {}
# Service account configuration
serviceAccount:
create: true
annotations: {}
name: ""
# PostgreSQL database configuration
postgresql:
# Set to true to deploy PostgreSQL as part of this chart
enabled: true
image:
repository: postgres
tag: 16-alpine
pullPolicy: IfNotPresent
# Database configuration
auth:
database: kaneo
username: kaneo_user
password: kaneo_password
# Use existing secret for database credentials (optional)
existingSecret: ""
secretKeys:
adminPasswordKey: postgres-password
userPasswordKey: password
# Persistence for PostgreSQL data
persistence:
enabled: true
size: 8Gi
storageClass: ""
accessMode: ReadWriteOnce
# PostgreSQL service configuration
service:
type: ClusterIP
port: 5432
# Resources for PostgreSQL
resources: {}
# resources:
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 128Mi
# API backend configuration
api:
image:
repository: ghcr.io/usekaneo/api
tag: latest
pullPolicy: IfNotPresent
securityContext: {}
service:
type: ClusterIP
port: 1337
targetPort: 1337
# Resources are optional and disabled by default
resources: {}
# resources:
# limits:
# cpu: 500m
# memory: 512Mi
# requests:
# cpu: 100m
# memory: 128Mi
# Environment variables for the API
env:
jwtAccess: appelflap
existingSecret:
enabled: false
name: ""
key: jwt-access
disableRegistration: false
# Database configuration
database:
# Use external PostgreSQL (set postgresql.enabled to false)
# Important: when using external postgres, make sure you have set up the db user correctly:
# CREATE DATABASE kaneo;
# CREATE USER kaneo_user WITH PASSWORD 'your_password';
# GRANT ALL PRIVILEGES ON DATABASE kaneo TO kaneo_user;
# \c kaneo;
# GRANT USAGE ON SCHEMA public TO kaneo_user;
# GRANT CREATE ON SCHEMA public TO kaneo_user;
# ALTER SCHEMA public OWNER TO kaneo_user;
external:
enabled: false
host: ""
port: 5432
database: kaneo
username: kaneo_user
password: ""
# Use existing secret for external database credentials in the form of a uri, e.g.: "postgresql://user:pass@host:port/db"
existingSecret:
enabled: false
name: ""
passwordKey: postgres_uri
livenessProbe:
httpGet:
path: /me
port: api
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /me
port: api
initialDelaySeconds: 5
periodSeconds: 10
# Web frontend configuration
web:
image:
repository: ghcr.io/usekaneo/web
tag: latest
pullPolicy: IfNotPresent
# Environment variables for the Web
env:
# Optional: Override the default API URL (http://localhost:1337)
# The /api path will be automatically appended to the URL
# Make sure this url matches the ingress host
# apiUrl: "https://kaneo.example.com"
apiUrl: ""
securityContext: {}
service:
type: ClusterIP
port: 80
targetPort: 80
# Resources are optional and disabled by default
resources: {}
# resources:
# limits:
# cpu: 300m
# memory: 256Mi
# requests:
# cpu: 100m
# memory: 128Mi
livenessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: web
initialDelaySeconds: 5
periodSeconds: 10
# Ingress configuration
ingress:
enabled: true
className: traefik
annotations:
cert-manager.io/cluster-issuer: letsencrypt
hosts:
# Use the same host in the web env variable apiUrl (with http:// or https://)
- host: projects.dgse.cloud
paths:
- path: /?(.*)
pathType: ImplementationSpecific
service: web
port: 80
- path: /api/?(.*)
pathType: ImplementationSpecific
service: api
port: 1337
tls:
- projects.dgse.cloud

21
manifests/artemis/kener/db-cluster.yaml
View File

@@ -1,21 +0,0 @@
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: kener-postgres
spec:
instances: 1
managed:
roles:
- name: kener
superuser: true
login: true
bootstrap:
initdb:
database: kener
owner: kener
secret:
name: kener-postgres-user
storage:
size: 4Gi
storageClass: local-path

79
manifests/artemis/kener/deployment.yaml
View File

@@ -1,79 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: kener
spec:
selector:
matchLabels:
app: kener
template:
metadata:
labels:
app: kener
spec:
containers:
- name: kener
image: rajnandan1/kener:latest
ports:
- containerPort: 3000
name: http
volumeMounts:
- name: kener-uploads
mountPath: "/app/uploads"
env:
- name: ORIGIN
valueFrom:
secretKeyRef:
name: kener-secret
key: ORIGIN
- name: DATABASE_URL
valueFrom:
secretKeyRef:
name: kener-secret
key: DATABASE_URL
- name: KENER_SECRET_KEY
valueFrom:
secretKeyRef:
name: kener-secret
key: KENER_SECRET_KEY
- name: SMTP_HOST
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_HOST
- name: SMTP_PORT
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_PORT
- name: SMTP_USER
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_USER
- name: SMTP_PASS
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_PASS
- name: SMTP_SECURE
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_SECURE
- name: SMTP_FROM_EMAIL
valueFrom:
secretKeyRef:
name: kener-secret
key: SMTP_FROM_EMAIL
- name: TZ
valueFrom:
secretKeyRef:
name: kener-secret
key: TZ
volumes:
- name: kener-uploads
persistentVolumeClaim:
claimName: kener-pvc

22
manifests/artemis/kener/ingress.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
name: kener-ingress
spec:
rules:
- host: monitor.dgse.cloud
http:
paths:
- backend:
service:
name: kener
port:
number: 3000
path: /
pathType: Prefix
tls:
- hosts:
- monitor.dgse.cloud
secretName: letsencrypt

13
manifests/artemis/kener/kustomization.yaml
View File

@@ -1,13 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
metadata:
name: kener
resources:
- secret.yaml
- db-cluster.yaml
- service.yaml
- pvc.yaml
- deployment.yaml
- ingress.yaml

11
manifests/artemis/kener/pvc.yaml
View File

@@ -1,11 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: kener-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 20Gi

74
manifests/artemis/kener/secret.yaml
View File

@@ -1,74 +0,0 @@
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: kener-secret
spec:
refreshInterval: 1h
secretStoreRef:
name: platform
kind: ClusterSecretStore
target:
name: kener-secret
data:
- secretKey: ORIGIN
remoteRef:
key: kener
property: ORIGIN
- secretKey: DATABASE_URL
remoteRef:
key: kener
property: DATABASE_URL
- secretKey: KENER_SECRET_KEY
remoteRef:
key: kener
property: KENER_SECRET_KEY
- secretKey: SMTP_HOST
remoteRef:
key: kener
property: SMTP_HOST
- secretKey: SMTP_PORT
remoteRef:
key: kener
property: SMTP_PORT
- secretKey: SMTP_USER
remoteRef:
key: kener
property: SMTP_USER
- secretKey: SMTP_PASS
remoteRef:
key: kener
property: SMTP_PASS
- secretKey: SMTP_SECURE
remoteRef:
key: kener
property: SMTP_SECURE
- secretKey: SMTP_FROM_EMAIL
remoteRef:
key: kener
property: SMTP_FROM_EMAIL
- secretKey: TZ
remoteRef:
key: kener
property: TZ
---
apiVersion: external-secrets.io/v1
kind: ExternalSecret
metadata:
name: kener-postgres-user
spec:
refreshInterval: 1h
secretStoreRef:
name: platform
kind: ClusterSecretStore
target:
name: kener-postgres-user
data:
- secretKey: username
remoteRef:
key: kener
property: postgres_username
- secretKey: password
remoteRef:
key: kener
property: postgres_password

12
manifests/artemis/kener/service.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: kener
spec:
selector:
app: kener
ports:
- protocol: TCP
port: 3000
targetPort: 3000

8
manifests/artemis/ntfy/basicauth.yaml
View File

@@ -1,8 +0,0 @@
---
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: basic-auth
spec:
basicAuth:
secret: basic-auth

12
manifests/artemis/ntfy/configmap.yaml
View File

@@ -1,12 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: ntfy
data:
server.yml: |
# Template: https://github.com/binwiederhier/ntfy/blob/main/server/server.yml
base-url: https://notifications.dgse.cloud
enable-login: true
enable-signup: false
upstream-base-url: "https://ntfy.sh"

33
manifests/artemis/ntfy/deployment.yaml
View File

@@ -1,33 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: ntfy
spec:
selector:
matchLabels:
app: ntfy
template:
metadata:
labels:
app: ntfy
spec:
containers:
- name: ntfy
image: binwiederhier/ntfy
args: ["serve"]
resources:
limits:
memory: "128Mi"
cpu: "500m"
ports:
- containerPort: 80
name: http
volumeMounts:
- name: config
mountPath: "/etc/ntfy"
readOnly: true
volumes:
- name: config
configMap:
name: ntfy

18
manifests/artemis/ntfy/ingress.yaml
View File

@@ -1,18 +0,0 @@
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: ntfy-ingress
spec:
entryPoints:
- websecure
routes:
- match: Host(`notifications.dgse.cloud`)
kind: Rule
middlewares:
- name: basic-auth
services:
- name: ntfy
port: 80
tls:
secretName: letsencrypt

12
manifests/artemis/ntfy/service.yaml
View File

@@ -1,12 +0,0 @@
---
# Basic service for port 80
apiVersion: v1
kind: Service
metadata:
name: ntfy
spec:
selector:
app: ntfy
ports:
- port: 80
targetPort: 80

58
manifests/artemis/osx/deployment.yaml
View File

@@ -1,58 +0,0 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: macos
labels:
name: macos
spec:
replicas: 1
selector:
matchLabels:
app: macos
template:
metadata:
labels:
app: macos
spec:
containers:
- name: macos
image: dockurr/macos
env:
- name: VERSION
value: "14"
- name: DISK_SIZE
value: "64G"
- name: KVM
value: "N"
ports:
- containerPort: 8006
name: http
protocol: TCP
- containerPort: 5900
name: vnc
protocol: TCP
securityContext:
capabilities:
add:
- NET_ADMIN
privileged: true
volumeMounts:
- mountPath: /storage
name: storage
- mountPath: /dev/kvm
name: dev-kvm
- mountPath: /dev/net/tun
name: dev-tun
terminationGracePeriodSeconds: 120
volumes:
- name: storage
persistentVolumeClaim:
claimName: macos-pvc
- hostPath:
path: /dev/kvm
name: dev-kvm
- hostPath:
path: /dev/net/tun
type: CharDevice
name: dev-tun

22
manifests/artemis/osx/ingress.yaml
View File

@@ -1,22 +0,0 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt
name: osx-ingress
spec:
rules:
- host: osx.dgse.cloud
http:
paths:
- backend:
service:
name: macos
port:
number: 8006
path: /
pathType: Prefix
tls:
- hosts:
- osx.dgse.cloud
secretName: letsencrypt

8
manifests/artemis/osx/kustomization.yaml
View File

@@ -1,8 +0,0 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- service.yaml
- deployment.yaml
- pvc.yaml

11
manifests/artemis/osx/pvc.yaml
View File

@@ -1,11 +0,0 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: macos-pvc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 64Gi

19
manifests/artemis/osx/service.yaml
View File

@@ -1,19 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: macos
spec:
internalTrafficPolicy: Cluster
ports:
- name: http
port: 8006
protocol: TCP
targetPort: 8006
- name: vnc
port: 5900
protocol: TCP
targetPort: 5900
selector:
app: macos
type: ClusterIP

2
manifests/artemis/penpot/kustomization.yaml
View File

@@ -10,7 +10,7 @@ resources:
helmCharts:
- name: penpot
repo: http://helm.penpot.app
version: 0.30.0
version: 0.32.0
releaseName: penpot
namespace: penpot
valuesFile: values.yaml