From af28ded13886adac2be26c4206882315eb5f3070 Mon Sep 17 00:00:00 2001
From: Jonathan Leech-Pepin <jonathan@leechpepin.com>
Date: Fri, 31 Jan 2025 09:04:50 -0500
Subject: [PATCH] Mealie now works.  Linkwarden cleaned up

---
 kustomize/deployment/httproute-http.yaml      |   2 +-
 namespaces/apps/linkwarden/kustomization.yaml |   9 +-
 .../apps/linkwarden/patches/configmap.yaml    |  16 ---
 namespaces/apps/mealie/kustomization.yaml     | 108 ++++++++++++++++++
 .../apps/mealie/patches/deployment.yaml       |  41 +++++++
 .../apps/mealie/patches/httproute-http.yaml   |  15 +++
 6 files changed, 170 insertions(+), 21 deletions(-)
 delete mode 100644 namespaces/apps/linkwarden/patches/configmap.yaml
 create mode 100644 namespaces/apps/mealie/kustomization.yaml
 create mode 100644 namespaces/apps/mealie/patches/deployment.yaml
 create mode 100644 namespaces/apps/mealie/patches/httproute-http.yaml

diff --git a/kustomize/deployment/httproute-http.yaml b/kustomize/deployment/httproute-http.yaml
index ec0855d..43f5c01 100644
--- a/kustomize/deployment/httproute-http.yaml
+++ b/kustomize/deployment/httproute-http.yaml
@@ -9,7 +9,7 @@ spec:
       kind: Gateway
       namespace: homelab
   hostnames:
-    - web.leechpepin.local
+    - web.leechpepin.com
   rules:
     - matches:
         - path:
diff --git a/namespaces/apps/linkwarden/kustomization.yaml b/namespaces/apps/linkwarden/kustomization.yaml
index a4b53c0..6068652 100644
--- a/namespaces/apps/linkwarden/kustomization.yaml
+++ b/namespaces/apps/linkwarden/kustomization.yaml
@@ -69,12 +69,13 @@ patches:
   - path: patches/deployment.yaml
     target:
       kind: Deployment
-  # - path: patches/configmap.yaml
-  #   target:
-  #     kind: ConfigMap
   - path: patches/pvc.yaml
     target:
       kind: PersistentVolumeClaim
+  - path: patches/httproute-http.yaml
+    target:
+      kind: HTTPRoute
+      name: http
 
 labels:
   - includeSelectors: true
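Review bot: The new `- path: patches/httproute-http.yaml` entry refers to a file this commit does not add under `namespaces/apps/linkwarden/patches/`; the diffstat only creates that file for mealie. If the linkwarden copy is not already tracked, `kustomize build` will fail on the missing path, so it should be confirmed or added in this commit. A short comment above the entry, for example `# force X-Forwarded-Proto so NEXTAUTH_URL (https) matches what the app sees`, would record why the HTTPRoute needs patching, assuming the patch mirrors the mealie one.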
@@ -86,7 +87,7 @@ labels:
 configMapGenerator:
   - name: config
     literals:
-      - NEXTAUTH_URL="http://linkwarden.leechpepin.com/api/v1/auth"
+      - NEXTAUTH_URL="https://linkwarden.leechpepin.com/api/v1/auth"
       - NEXT_PUBLIC_OLLAMA_ENDPOINT_URL="http://ollama.ai.svc.cluster.local:11434"
       - OLLAMA_MODEL="phi3:mini-4k"
       - NEXT_PUBLIC_AUTHENTIK_ENABLED="true"
diff --git a/namespaces/apps/linkwarden/patches/configmap.yaml b/namespaces/apps/linkwarden/patches/configmap.yaml
deleted file mode 100644
index e255e54..0000000
--- a/namespaces/apps/linkwarden/patches/configmap.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: config
-data:
-  NEXTAUTH_URL: "http://linkwarden.leechpepin.com/api/v1/auth"
-  NEXT_PUBLIC_OLLAMA_ENDPOINT_URL: "http://ollama.ai.svc.cluster.local:11434"
-  OLLAMA_MODEL: "phi3:mini-4k"
-  NEXT_PUBLIC_AUTHENTIK_ENABLED: "true"
-  AUTHENTIK_CUSTOM_NAME: "Authentik"
-  AUTHENTIK_ISSUER: "https://auth.leechpepin.com/application/o/linkwarden"
-  AUTHENTIK_CLIENT_ID: "VQtaPxELuwFFUS412pZsk0TFIFpXqPpZYHul9Ddj"
-  NEXT_PUBLIC_DISABLE_REGISTRATION: "true"
-  NEXT_PUBLIC_CREDENTIALS_ENABLED: "false"
-  NEXT_PUBLIC_EMAIL_PROVIDER: "true"
-  EMAIL_FROM: "homelab@leechpepin.com"
diff --git a/namespaces/apps/mealie/kustomization.yaml b/namespaces/apps/mealie/kustomization.yaml
new file mode 100644
index 0000000..0f84ea5
--- /dev/null
+++ b/namespaces/apps/mealie/kustomization.yaml
@@ -0,0 +1,108 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: apps
+    unsetOnly: true
+
+namePrefix: mealie-
+resources:
+  - ../../../kustomize/deployment/
+
+replacements:
+  - source:
+      kind: Service
+      name: svc
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+        fieldPaths:
+          - spec.rules.0.backendRefs.0.name
+  - source:
+      kind: Deployment
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.hostnames.0
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "-"
+          index: 0
+        fieldPaths:
+          - spec.managedSecretReference.secretName
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 2
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+      - select:
+          kind: Service
+        fieldPaths:
+          - spec.ports.0.name
+          - spec.ports.0.targetPort
+  - source:
+      kind: Deployment
+      fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+    targets:
+      - select:
+          kind: InfisicalSecret
+        fieldPaths:
+          - spec.managedSecretReference.secretNamespace
+
+patches:
+  - path: patches/deployment.yaml
+    target:
+      kind: Deployment
+  - path: patches/httproute-http.yaml
+    target:
+      kind: HTTPRoute
+      name: http
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: mealie
+  - pairs:
+      app.kubernetes.io/appNamespace: apps
+
+configMapGenerator:
+  - name: config
+    literals:
+      - ALLOW_SIGNUP="false"
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/New_York
+      - BASE_URL=https://mealie.leechpepin.com
+      # Database Settings
+      - DB_ENGINE=postgres
+      - POSTGRES_USER=mealie
+      - POSTGRES_SERVER=postgres.core.svc.cluster.local
+      - POSTGRES_PORT=5432
+      - POSTGRES_DB=mealie
+      # Use Ollama
+      - OPENAI_BASE_URL=http://ollama.ai.svc.cluster.local:11434
+      - OPENAI_MODEL=llama3.2:latest
+      - OPENAI_API_KEY=gibberish
+      # Use Authentik OIDC
+      - OIDC_AUTH_ENABLED=true
+      - OIDC_CONFIGURATION_URL=https://auth.leechpepin.com/application/o/mealie/.well-known/openid-configuration
+      - OIDC_CLIENT_ID=tkLxhniR4IluqtYhMU4tz1vOUzS71kwxFr5gui7m
+      - OIDC_AUTO_REDIRECT=true
+      - OIDC_PROVIDER_NAME=Authentik
+      - OIDC_REMEMBER_ME=true
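Review bot: `OPENAI_API_KEY=gibberish` sits in the generated ConfigMap with nothing marking it as a dummy value; a comment above it such as `# Placeholder: the client requires a key, the in-cluster Ollama endpoint presumably ignores it` would stop someone later pasting a real key into these literals. If `OPENAI_BASE_URL` is ever pointed at a hosted provider, the key belongs in `mealie-secrets` next to `POSTGRES_PASSWORD` rather than in a ConfigMap. `ALLOW_SIGNUP="false"` is the only quoted literal in the list, so quoting all or none would read more consistently. `OPENAI_MODEL=llama3.2:latest` is a floating tag, so the model answering requests can change without a commit.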
diff --git a/namespaces/apps/mealie/patches/deployment.yaml b/namespaces/apps/mealie/patches/deployment.yaml
new file mode 100644
index 0000000..46726a8
--- /dev/null
+++ b/namespaces/apps/mealie/patches/deployment.yaml
@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+spec:
+  template:
+    spec:
+      containers:
+        - name: mealie
+          image: ghcr.io/mealie-recipes/mealie:v2.5.0
+          envFrom:
+            - configMapRef:
+                name: mealie-config
+          env:
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mealie-secrets
+                  key: MEALIE_PASSWORD
+                  optional: false
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: mealie-secrets
+                  key: AUTHENTIK_CLIENT_SECRET
+                  optional: false
+          ports:
+            - containerPort: 9000
+              protocol: TCP
+              name: mealie
+          resources:
+            limits:
+              memory: 1000Mi
+          volumeMounts:
+            - mountPath: /app/data
+              name: mealie
+              subPath: "data"
+      volumes:
+        - name: mealie
+          persistentVolumeClaim:
+            claimName: mealie-pvc
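Review bot: The `image:` line pins `ghcr.io/mealie-recipes/mealie` by tag only, and a tag can be re-pointed upstream; adding the digest, `image: ghcr.io/mealie-recipes/mealie:v2.5.0@sha256:<digest-placeholder>`, makes the deployed image reproducible. The container also gets no `securityContext` in this patch; unless the base in `kustomize/deployment/` sets one, `allowPrivilegeEscalation: false` is worth adding after checking that the image's PUID/PGID start-up still works with it. Only a memory limit is set, so a matching `resources.requests` entry would give the scheduler something to plan with.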
diff --git a/namespaces/apps/mealie/patches/httproute-http.yaml b/namespaces/apps/mealie/patches/httproute-http.yaml
new file mode 100644
index 0000000..d965efa
--- /dev/null
+++ b/namespaces/apps/mealie/patches/httproute-http.yaml
@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http
+spec:
+  rules:
+    - filters:
+        - type: RequestHeaderModifier
+          requestHeaderModifier:
+            set:
+              - name: "X-Forwarded-Proto"
+                value: "https"
+      backendRefs:
+        - name: web
+          port: 80
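Review bot: The `RequestHeaderModifier` sets `X-Forwarded-Proto: https` on every request through the route named `http`, whatever scheme the client actually used. If the parent listener (defined in the base, not visible here) also accepts plain HTTP, Mealie will treat cleartext requests as secure, so the route should attach only to the TLS listener or sit behind an HTTP-to-HTTPS redirect. A comment above the filter such as `# TLS terminates at the gateway; tell the app the client-facing scheme` would record why the header is forced. `backendRefs` names `web` on port 80 while the container listens on 9000; presumably the kustomization replacement and the base Service reconcile that, but it is worth confirming.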