Mealie now works. Linkwarden cleaned up

kustomize/deployment/httproute-http.yaml

@@ -9,7 +9,7 @@ spec:
       kind: Gateway
       namespace: homelab
   hostnames:
-    - web.leechpepin.local
+    - web.leechpepin.com
   rules:
     - matches:
         - path:

namespaces/apps/linkwarden/kustomization.yaml

@@ -69,12 +69,13 @@ patches:
   - path: patches/deployment.yaml
     target:
       kind: Deployment
-  # - path: patches/configmap.yaml
-  #   target:
-  #     kind: ConfigMap
   - path: patches/pvc.yaml
     target:
       kind: PersistentVolumeClaim
+  - path: patches/httproute-http.yaml
+    target:
+      kind: HTTPRoute
+      name: http
 
 labels:
   - includeSelectors: true
@@ -86,7 +87,7 @@ labels:
 configMapGenerator:
   - name: config
     literals:
-      - NEXTAUTH_URL="http://linkwarden.leechpepin.com/api/v1/auth"
+      - NEXTAUTH_URL="https://linkwarden.leechpepin.com/api/v1/auth"
       - NEXT_PUBLIC_OLLAMA_ENDPOINT_URL="http://ollama.ai.svc.cluster.local:11434"
       - OLLAMA_MODEL="phi3:mini-4k"
       - NEXT_PUBLIC_AUTHENTIK_ENABLED="true"

namespaces/apps/linkwarden/patches/configmap.yaml

@@ -1,16 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: config
-data:
-  NEXTAUTH_URL: "http://linkwarden.leechpepin.com/api/v1/auth"
-  NEXT_PUBLIC_OLLAMA_ENDPOINT_URL: "http://ollama.ai.svc.cluster.local:11434"
-  OLLAMA_MODEL: "phi3:mini-4k"
-  NEXT_PUBLIC_AUTHENTIK_ENABLED: "true"
-  AUTHENTIK_CUSTOM_NAME: "Authentik"
-  AUTHENTIK_ISSUER: "https://auth.leechpepin.com/application/o/linkwarden"
-  AUTHENTIK_CLIENT_ID: "VQtaPxELuwFFUS412pZsk0TFIFpXqPpZYHul9Ddj"
-  NEXT_PUBLIC_DISABLE_REGISTRATION: "true"
-  NEXT_PUBLIC_CREDENTIALS_ENABLED: "false"
-  NEXT_PUBLIC_EMAIL_PROVIDER: "true"
-  EMAIL_FROM: "homelab@leechpepin.com"

namespaces/apps/mealie/kustomization.yaml

@@ -0,0 +1,108 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+transformers:
+  - |-
+    apiVersion: builtin
+    kind: NamespaceTransformer
+    metadata:
+      name: notImportantHere
+      namespace: apps
+    unsetOnly: true
+
+namePrefix: mealie-
+resources:
+  - ../../../kustomize/deployment/
+
+replacements:
+  - source:
+      kind: Service
+      name: svc
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+        fieldPaths:
+          - spec.rules.0.backendRefs.0.name
+  - source:
+      kind: Deployment
+      fieldPath: metadata.labels.[app.kubernetes.io/appName]
+    targets:
+      - select:
+          kind: HTTPRoute
+        options:
+          create: true
+          delimiter: "."
+          index: 0
+        fieldPaths:
+          - spec.hostnames.0
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "-"
+          index: 0
+        fieldPaths:
+          - spec.managedSecretReference.secretName
+      - select:
+          kind: InfisicalSecret
+        options:
+          delimiter: "/"
+          index: 2
+        fieldPaths:
+          - spec.authentication.universalAuth.secretsScope.secretsPath
+      - select:
+          kind: Service
+        fieldPaths:
+          - spec.ports.0.name
+          - spec.ports.0.targetPort
+  - source:
+      kind: Deployment
+      fieldPath: metadata.labels.[app.kubernetes.io/appNamespace]
+    targets:
+      - select:
+          kind: InfisicalSecret
+        fieldPaths:
+          - spec.managedSecretReference.secretNamespace
+
+patches:
+  - path: patches/deployment.yaml
+    target:
+      kind: Deployment
+  - path: patches/httproute-http.yaml
+    target:
+      kind: HTTPRoute
+      name: http
+
+labels:
+  - includeSelectors: true
+    pairs:
+      app.kubernetes.io/appName: mealie
+  - pairs:
+      app.kubernetes.io/appNamespace: apps
+
+configMapGenerator:
+  - name: config
+    literals:
+      - ALLOW_SIGNUP="false"
+      - PUID=1000
+      - PGID=1000
+      - TZ=America/New_York
+      - BASE_URL=https://mealie.leechpepin.com
+      # Database Settings
+      - DB_ENGINE=postgres
+      - POSTGRES_USER=mealie
+      - POSTGRES_SERVER=postgres.core.svc.cluster.local
+      - POSTGRES_PORT=5432
+      - POSTGRES_DB=mealie
+      # Use Ollama
+      - OPENAI_BASE_URL=http://ollama.ai.svc.cluster.local:11434
+      - OPENAI_MODEL=llama3.2:latest
+      - OPENAI_API_KEY=gibberish
+      # Use Authentik OIDC
+      - OIDC_AUTH_ENABLED=true
+      - OIDC_CONFIGURATION_URL=https://auth.leechpepin.com/application/o/mealie/.well-known/openid-configuration
+      - OIDC_CLIENT_ID=tkLxhniR4IluqtYhMU4tz1vOUzS71kwxFr5gui7m
+      - OIDC_AUTO_REDIRECT=true
+      - OIDC_PROVIDER_NAME=Authentik
+      - OIDC_REMEMBER_ME=true

namespaces/apps/mealie/patches/deployment.yaml

@@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: app
+spec:
+  template:
+    spec:
+      containers:
+        - name: mealie
+          image: ghcr.io/mealie-recipes/mealie:v2.5.0
+          envFrom:
+            - configMapRef:
+                name: mealie-config
+          env:
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: mealie-secrets
+                  key: MEALIE_PASSWORD
+                  optional: false
+            - name: OIDC_CLIENT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: mealie-secrets
+                  key: AUTHENTIK_CLIENT_SECRET
+                  optional: false
+          ports:
+            - containerPort: 9000
+              protocol: TCP
+              name: mealie
+          resources:
+            limits:
+              memory: 1000Mi
+          volumeMounts:
+            - mountPath: /app/data
+              name: mealie
+              subPath: "data"
+      volumes:
+        - name: mealie
+          persistentVolumeClaim:
+            claimName: mealie-pvc

namespaces/apps/mealie/patches/httproute-http.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: http
+spec:
+  rules:
+    - filters:
+        - type: RequestHeaderModifier
+          requestHeaderModifier:
+            set:
+              - name: "X-Forwarded-Proto"
+                value: "https"
+      backendRefs:
+        - name: web
+          port: 80