diff --git a/kustomize/deployment/httproute-http.yaml b/kustomize/deployment/httproute-http.yaml index ec0855d..43f5c01 100644 --- a/kustomize/deployment/httproute-http.yaml +++ b/kustomize/deployment/httproute-http.yaml @@ -9,7 +9,7 @@ spec: kind: Gateway namespace: homelab hostnames: - - web.leechpepin.local + - web.leechpepin.com rules: - matches: - path: diff --git a/namespaces/apps/linkwarden/kustomization.yaml b/namespaces/apps/linkwarden/kustomization.yaml index a4b53c0..6068652 100644 --- a/namespaces/apps/linkwarden/kustomization.yaml +++ b/namespaces/apps/linkwarden/kustomization.yaml @@ -69,12 +69,13 @@ patches: - path: patches/deployment.yaml target: kind: Deployment - # - path: patches/configmap.yaml - # target: - # kind: ConfigMap - path: patches/pvc.yaml target: kind: PersistentVolumeClaim + - path: patches/httproute-http.yaml + target: + kind: HTTPRoute + name: http labels: - includeSelectors: true @@ -86,7 +87,7 @@ labels: configMapGenerator: - name: config literals: - - NEXTAUTH_URL="http://linkwarden.leechpepin.com/api/v1/auth" + - NEXTAUTH_URL="https://linkwarden.leechpepin.com/api/v1/auth" - NEXT_PUBLIC_OLLAMA_ENDPOINT_URL="http://ollama.ai.svc.cluster.local:11434" - OLLAMA_MODEL="phi3:mini-4k" - NEXT_PUBLIC_AUTHENTIK_ENABLED="true" diff --git a/namespaces/apps/linkwarden/patches/configmap.yaml b/namespaces/apps/linkwarden/patches/configmap.yaml deleted file mode 100644 index e255e54..0000000 --- a/namespaces/apps/linkwarden/patches/configmap.yaml +++ /dev/null 
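Review bot: The new patch entry `- path: patches/httproute-http.yaml` in namespaces/apps/linkwarden/kustomization.yaml points at a file this commit does not add under linkwarden/ (only the mealie copy appears in the diff), so `kustomize build` fails unless that file is already in the tree. If it mirrors the mealie patch and forces `X-Forwarded-Proto: https`, confirm that the HTTPRoute named `http` is reachable only through a TLS listener, because the second hunk of this file now advertises `NEXTAUTH_URL="https://linkwarden.leechpepin.com/api/v1/auth"`. If plain HTTP can still reach the route, the app would treat it as secure while the Authentik login flow crosses the network unencrypted.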
@@ -1,16 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: config -data: - NEXTAUTH_URL: "http://linkwarden.leechpepin.com/api/v1/auth" - NEXT_PUBLIC_OLLAMA_ENDPOINT_URL: "http://ollama.ai.svc.cluster.local:11434" - OLLAMA_MODEL: "phi3:mini-4k" - NEXT_PUBLIC_AUTHENTIK_ENABLED: "true" - AUTHENTIK_CUSTOM_NAME: "Authentik" - AUTHENTIK_ISSUER: "https://auth.leechpepin.com/application/o/linkwarden" - AUTHENTIK_CLIENT_ID: "VQtaPxELuwFFUS412pZsk0TFIFpXqPpZYHul9Ddj" - NEXT_PUBLIC_DISABLE_REGISTRATION: "true" - NEXT_PUBLIC_CREDENTIALS_ENABLED: "false" - NEXT_PUBLIC_EMAIL_PROVIDER: "true" - EMAIL_FROM: "homelab@leechpepin.com" diff --git a/namespaces/apps/mealie/kustomization.yaml b/namespaces/apps/mealie/kustomization.yaml new file mode 100644 index 0000000..0f84ea5 --- /dev/null +++ b/namespaces/apps/mealie/kustomization.yaml 
@@ -0,0 +1,108 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +transformers: + - |- + apiVersion: builtin + kind: NamespaceTransformer + metadata: + name: notImportantHere + namespace: apps + unsetOnly: true + +namePrefix: mealie- +resources: + - ../../../kustomize/deployment/ + +replacements: + - source: + kind: Service + name: svc + targets: + - select: + kind: HTTPRoute + options: + create: true + fieldPaths: + - spec.rules.0.backendRefs.0.name + - source: + kind: Deployment + fieldPath: metadata.labels.[app.kubernetes.io/appName] + targets: + - select: + kind: HTTPRoute + options: + create: true + delimiter: "." + index: 0 + fieldPaths: + - spec.hostnames.0 + - select: + kind: InfisicalSecret + options: + delimiter: "-" + index: 0 + fieldPaths: + - spec.managedSecretReference.secretName + - select: + kind: InfisicalSecret + options: + delimiter: "/" + index: 2 + fieldPaths: + - spec.authentication.universalAuth.secretsScope.secretsPath + - select: + kind: Service + fieldPaths: + - spec.ports.0.name + - spec.ports.0.targetPort + - source: + kind: Deployment + fieldPath: metadata.labels.[app.kubernetes.io/appNamespace] + targets: + - select: + kind: InfisicalSecret + fieldPaths: + - spec.managedSecretReference.secretNamespace + +patches: + - path: patches/deployment.yaml + target: + kind: Deployment + - path: patches/httproute-http.yaml + target: + kind: HTTPRoute + name: http + +labels: + - includeSelectors: true + pairs: + app.kubernetes.io/appName: mealie + - pairs: + app.kubernetes.io/appNamespace: apps + +configMapGenerator: + - name: config + literals: + - ALLOW_SIGNUP="false" + - PUID=1000 + - PGID=1000 + - TZ=America/New_York + - BASE_URL=https://mealie.leechpepin.com + # Database Settings + - DB_ENGINE=postgres + - POSTGRES_USER=mealie + - POSTGRES_SERVER=postgres.core.svc.cluster.local + - POSTGRES_PORT=5432 + - POSTGRES_DB=mealie + # Use Ollama + - OPENAI_BASE_URL=http://ollama.ai.svc.cluster.local:11434 + - 
OPENAI_MODEL=llama3.2:latest + - OPENAI_API_KEY=gibberish + # Use Authentik OIDC + - OIDC_AUTH_ENABLED=true + - OIDC_CONFIGURATION_URL=https://auth.leechpepin.com/application/o/mealie/.well-known/openid-configuration + - OIDC_CLIENT_ID=tkLxhniR4IluqtYhMU4tz1vOUzS71kwxFr5gui7m + - OIDC_AUTO_REDIRECT=true + - OIDC_PROVIDER_NAME=Authentik + - OIDC_REMEMBER_ME=true diff --git a/namespaces/apps/mealie/patches/deployment.yaml b/namespaces/apps/mealie/patches/deployment.yaml new file mode 100644 index 0000000..46726a8 --- /dev/null +++ b/namespaces/apps/mealie/patches/deployment.yaml @@ -0,0 +1,41 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: app +spec: + template: + spec: + containers: + - name: mealie + image: ghcr.io/mealie-recipes/mealie:v2.5.0 + envFrom: + - configMapRef: + name: mealie-config + env: + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: mealie-secrets + key: MEALIE_PASSWORD + optional: false + - name: OIDC_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: mealie-secrets + key: AUTHENTIK_CLIENT_SECRET + optional: false + ports: + - containerPort: 9000 + protocol: TCP + name: mealie + resources: + limits: + memory: 1000Mi + volumeMounts: + - mountPath: /app/data + name: mealie + subPath: "data" + volumes: + - name: mealie + persistentVolumeClaim: + claimName: mealie-pvc diff --git a/namespaces/apps/mealie/patches/httproute-http.yaml b/namespaces/apps/mealie/patches/httproute-http.yaml new file mode 100644 index 0000000..d965efa --- /dev/null +++ b/namespaces/apps/mealie/patches/httproute-http.yaml @@ -0,0 +1,15 @@ +apiVersion: gateway.networking.k8s.io/v1 +kind: HTTPRoute +metadata: + name: http +spec: + rules: + - filters: + - type: RequestHeaderModifier + requestHeaderModifier: + set: + - name: "X-Forwarded-Proto" + value: "https" + backendRefs: + - name: web + port: 80
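Review bot: The configMapGenerator in namespaces/apps/mealie/kustomization.yaml turns on OIDC (`OIDC_AUTH_ENABLED=true`, `OIDC_AUTO_REDIRECT=true`) but sets nothing about local password login, so the instance published at `mealie.leechpepin.com` presumably still accepts username/password sign-in, including Mealie's built-in initial admin account until its password is changed. If Authentik is meant to be the only way in, add `- ALLOW_PASSWORD_LOGIN=false` once an OIDC admin exists, and consider `- OIDC_USER_GROUP=<authentik-group>` (placeholder) so only members of one group are provisioned; check both names against the v2.5.0 documentation. `OPENAI_API_KEY=gibberish` deserves a comment such as `# Ollama ignores the key; Mealie only needs a non-empty value`, so that nobody later puts a real key in this ConfigMap instead of in the `mealie-secrets` Secret used by the deployment patch.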
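Review bot: The `mealie` container in namespaces/apps/mealie/patches/deployment.yaml has no `securityContext`, and its image is pinned only by a mutable tag. Unless the shared base in kustomize/deployment already sets one (not visible in this diff), add at least `securityContext: {allowPrivilegeEscalation: false}` on the container. Test before adding `runAsNonRoot` or dropping capabilities, because the `PUID`/`PGID` literals in the ConfigMap suggest the entrypoint starts as root and then switches user. Pinning the image as `ghcr.io/mealie-recipes/mealie:v2.5.0@sha256:<digest>` (placeholder digest) keeps a re-pushed tag from silently changing what runs. The `resources` block sets only `limits.memory`; a matching `requests.memory` would make scheduling predictable.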
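Review bot: The `RequestHeaderModifier` in namespaces/apps/mealie/patches/httproute-http.yaml sets `X-Forwarded-Proto` to `https` on every request through the route named `http`, whether or not the client reached the Gateway over TLS. If that route is attached to a plain-HTTP listener, Mealie will treat cleartext requests as secure, and the OIDC login and session cookies could travel unencrypted. The parentRef lines visible in the base hunk show no `sectionName`, but most of that file is outside the diff. Either bind the route to the TLS listener with `sectionName: <https-listener>` (placeholder) in the base parentRefs, or have the HTTP listener answer only with a `RequestRedirect` to https. A comment above the filter would record the assumption, for example `# TLS terminates at the Gateway; Mealie needs the original scheme for OIDC redirect URIs`.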