Dev/talos-cluster
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore: Add skeletons for future containers

Browse Source 
fix: Corrected observability namespace

- Add atuin but not enabled yet.
This commit is contained in:
Laur IVAN
2026-02-24 13:56:21 +01:00
parent 355e247ff5
commit aef3651518
12 changed files with 205 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
kubernetes/apps/communication/README.md Normal file
View File

@@ -0,0 +1,22 @@
# Communication
Here we have:
- notification apps (tied to monitoring)
- selfhosted social media (like mastodon/bluesky...)
- blogs
## Blogs
This should contain public content stuff like blogs. It should:
1. replace laurivan.com
2. replace sillyjokes.???
3. Have a content creation thing
4. is available on envoy-external (aka web-accessible)
**Notes**:
1. Depends on DB and a robust backup
2. must contain only production-ready stuff
3. Need to figure out how to do it for multiple domanis...

6
kubernetes/apps/dev/README.md Normal file
View File

@@ -0,0 +1,6 @@
# About
This should contain different deployments relevant for development.
- [atuin](https://github.com/onedr0p/home-ops/tree/5f5f0e040bd8013737037d11712ece57e2f631da/kubernetes/apps/default/atuin)
-

24
kubernetes/apps/dev/atuin/app.ks.yaml Normal file
View File

@@ -0,0 +1,24 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: atuin
spec:
components:
- ../../../../components/volsync
dependsOn:
- name: rook-ceph-cluster
namespace: rook-ceph
interval: 1h
path: ./kubernetes/apps/dev/atuin/app
postBuild:
substitute:
APP: atuin
prune: true
sourceRef:
kind: GitRepository
name: flux-system
namespace: flux-system
targetNamespace: default
wait: false

80
kubernetes/apps/dev/atuin/app/helmrelease.yaml Normal file
View File

@@ -0,0 +1,80 @@
---
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s-labs/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: atuin
spec:
chartRef:
kind: OCIRepository
name: atuin
interval: 1h
values:
controllers:
atuin:
containers:
app:
image:
repository: ghcr.io/atuinsh/atuin
tag: v18.12.0@sha256:e953fa9e36ef571d3cb2f9746426129025b8101ad4b88cd0da6783d524cca431
env:
ATUIN_HOST: "0.0.0.0"
ATUIN_PORT: &port 80
ATUIN_OPEN_REGISTRATION: "true"
ATUIN_DB_URI: sqlite:///config/atuin.db
TZ: America/New_York
args:
- start
probes:
liveness:
enabled: true
spec:
periodSeconds: 30
timeoutSeconds: 5
failureThreshold: 5
readiness:
enabled: true
custom: true
spec:
httpGet:
path: /healthz
port: *port
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 5
startup:
enabled: true
spec:
failureThreshold: 30
periodSeconds: 10
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities: {drop: ["ALL"]}
resources:
requests:
cpu: 10m
limits:
memory: 256Mi
defaultPodOptions:
securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
service:
app:
ports:
http:
port: *port
route:
app:
hostnames:
- "{{ .Release.Name }}.${SECRET_DOMAIN}"
parentRefs:
- name: envoy-internal
namespace: network
persistence:
config:
existingClaim: "{{ .Release.Name }}"

7
kubernetes/apps/dev/atuin/app/kustomization.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
# yaml-language-server: $schema=https://json.schemastore.org/kustomization
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./helmrelease.yaml
- ./ocirepository.yaml

14
kubernetes/apps/dev/atuin/app/ocirepository.yaml Normal file
View File

@@ -0,0 +1,14 @@
---
# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/source.toolkit.fluxcd.io/ocirepository_v1.json
apiVersion: source.toolkit.fluxcd.io/v1
kind: OCIRepository
metadata:
name: atuin
spec:
interval: 15m
layerSelector:
mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
operation: copy
ref:
tag: 4.6.2
url: oci://ghcr.io/bjw-s-labs/helm/app-template

6
kubernetes/apps/dev/atuin/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./app.ks.yaml

8
kubernetes/apps/dev/kustomization.yaml Normal file
View File

@@ -0,0 +1,8 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: dev
resources:
- ./namespace.yaml
# TODO: - ./atuin - enable it when the storage is set up

7
kubernetes/apps/dev/namespace.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
apiVersion: v1
kind: Namespace
metadata:
name: _
annotations:
kustomize.toolkit.fluxcd.io/prune: disabled

9
kubernetes/apps/home-automation/README.md Normal file
View File

@@ -0,0 +1,9 @@
# Introduction
This folder/namespace shall contain all HA-related applications, like:
- Home Assistant
- mosquitto (MQTT broker)
- zigbee/z-wave daemons if necessary
**NOTE**: Only the minimal stuff shall be exposed on the envoy-internal gateway.

21
kubernetes/apps/media/README.md Normal file
View File

@@ -0,0 +1,21 @@
# Introduction
This shall contain all media-related applications:
- Plex
- *arr stuff
- tatuuli - still don't know what purpose it serves
- digital library things
- transcoding for optimisation to available media (e.g. 1080p right now, 4k in the future)
- maybe create a decay algorithm to remove old and unwatched stuff
Can also contain
- mermaid ui
- figma equivalent
- immich (it will most likely be here)
**NOTES**:
1. in principle, stuff should be exposed on the internal gateway
2. mirror and replace the current "services" vm which is full of docker containers
3. it depends on a successful connection via NFS to the storage machine

2
kubernetes/apps/observability/kustomization.yaml
View File

@@ -1,7 +1,7 @@
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: monitoring-system
namespace: observability
resources:
- ./namespace.yaml