update cluster definitions

Author: soerenschneider

clusters/argo-svc.dd.soeren.cloud/apps/aether/external-secret-aether.yaml

@@ -56,3 +56,11 @@ spec:
       remoteRef:
         key: "secret/soeren.cloud/env/prod/aws-s3/credentials/taskwarrior-prod-aether"
         property: "AWS_SECRET_ACCESS_KEY"
+    - secretKey: "oidc_client_id"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/keycloak/soerencloud/clients/aether"
+        property: "client_id"
+    - secretKey: "oidc_secret_id"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/keycloak/soerencloud/clients/aether"
+        property: "secret_id"

clusters/argo-svc.dd.soeren.cloud/apps/aether/kustomization.yaml

@@ -7,7 +7,34 @@ resources:
   - namespace.yaml
   - external-secret-aether.yaml
   - external-secret-aether-taskwarrior.yaml
+images:
+  - name: ghcr.io/soerenschneider/aether
+    newName: cr.svc.dd.soeren.cloud/aether
+    newTag: latest
 patches:
+  - target:
+      kind: Deployment
+      name: aether
+    patch: |
+      - op: replace
+        path: /spec/template/spec/containers/0/imagePullPolicy
+        value: "Always"
+      - op: add
+        path: /spec/template/spec/volumes/-
+        value:
+          name: aether-secret
+          secret:
+            secretName: aether
+            items:
+              - key: oidc_secret_id
+                path: aether_oidc_secret_id
+      - op: add
+        path: /spec/template/spec/containers/0/volumeMounts/-
+        value:
+          name: aether-secret
+          mountPath: /aether_oidc_secret_id
+          subPath: aether_oidc_secret_id
+          readOnly: true
   - target:
       kind: VirtualService
       name: aether

clusters/argo-svc.dd.soeren.cloud/apps/container-registry/kustomization.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: container-registry
+resources:
+  - ../../../../apps/container-registry
+  - namespace.yaml
+components:
+  - ../../../../apps/container-registry/components/istio
+patches:
+  - target:
+      kind: VirtualService
+      name: container-registry
+    patch: |-
+      - op: replace
+        path: "/spec/hosts"
+        value:
+          - "cr.svc.dd.soeren.cloud"

clusters/argo-svc.dd.soeren.cloud/apps/container-registry/namespace.yaml

@@ -0,0 +1,7 @@
+---
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: container-registry
+  labels:
+    name: container-registry

clusters/argo-svc.dd.soeren.cloud/apps/jellyfin/external-secret-jellyfin-restic-sqlite.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: "external-secrets.io/v1"
+kind: "ExternalSecret"
+metadata:
+  name: "jellyfin-restic-sqlite"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "jellyfin-restic-sqlite"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "AWS_ACCESS_KEY_ID"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/jellyfin-sqlite/aws-credentials"
+        property: "AWS_ACCESS_KEY_ID"
+    - secretKey: "AWS_SECRET_ACCESS_KEY"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/jellyfin-sqlite/aws-credentials"
+        property: "AWS_SECRET_ACCESS_KEY"
+    - secretKey: "RESTIC_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/jellyfin-sqlite/restic"
+        property: "pass"

clusters/argo-svc.dd.soeren.cloud/apps/jellyfin/kustomization.yaml

@@ -4,13 +4,15 @@ kind: Kustomization
 namespace: "jellyfin"
 resources:
   - namespace.yaml
+  - external-secret-jellyfin-restic-sqlite.yaml
   - external-secret-samba.yaml
   - samba.yaml
   - ../../../../apps/jellyfin
 components:
   - ../../../../apps/jellyfin/components/istio
   - ../../../../apps/jellyfin/components/pvc-config
   - ../../../../apps/jellyfin/components/storage-healthcheck
+  - ../../../../apps/jellyfin/components/restic-sqlite
 patches:
   - target:
       kind: "VirtualService"
@@ -33,3 +35,11 @@ patches:
           name: "media"
           persistentVolumeClaim:
             claimName: "media"
+configMapGenerator:
+  - name: "jellyfin-restic-sqlite"
+    options:
+      disableNameSuffixHash: true
+    literals:
+      - "RESTIC_REPOSITORY=s3:https://s3.amazonaws.com/soerenschneider-restic-prod/jellyfin-sqlite"
+      - "RESTIC_HOST=svc.dd.soeren.cloud"
+      - "SQLITE_FILE=/app-data/data/library.db"

clusters/argo-svc.dd.soeren.cloud/apps/jellyfin/samba.yaml

@@ -15,7 +15,7 @@ spec:
     driver: "smb.csi.k8s.io"
     volumeHandle: "jellyfin-media"
     volumeAttributes:
-      source: "//nas.dd.soeren.cloud/movies"
+      source: "//nas.dd.soeren.cloud/media"
       options: "vers=3,seal"
     nodeStageSecretRef:
       name: "smbcreds"

clusters/argo-svc.dd.soeren.cloud/apps/jellyporter/kustomization.yaml

@@ -4,7 +4,7 @@ kind: Kustomization
 namespace: "jellyporter"
 resources:
   - namespace.yaml
-  - external-secret-samba.yaml
+  - external-secret-jellyporter.yaml
   - ../../../../apps/jellyporter
 components:
   - ../../../../apps/jellyporter/components/pvc

clusters/argo-svc.dd.soeren.cloud/apps/linkding/external-secret-linkding-postgres-restic.yaml

@@ -0,0 +1,34 @@
+---
+apiVersion: "external-secrets.io/v1"
+kind: "ExternalSecret"
+metadata:
+  name: "linkding-restic-postgres"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "linkding-restic-postgres"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "AWS_ACCESS_KEY_ID"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/linkding-postgres/aws-credentials"
+        property: "AWS_ACCESS_KEY_ID"
+    - secretKey: "AWS_SECRET_ACCESS_KEY"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/linkding-postgres/aws-credentials"
+        property: "AWS_SECRET_ACCESS_KEY"
+    - secretKey: "RESTIC_PASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/restic/linkding-postgres/restic"
+        property: "pass"
+    - secretKey: "POSTGRES_USER"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/linkding"
+        property: "POSTGRES_USER"
+    - secretKey: "PGPASSWORD"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/linkding"
+        property: "POSTGRES_PASSWORD"

clusters/argo-svc.dd.soeren.cloud/apps/linkding/external-secret-linkding-postgres.yaml

@@ -0,0 +1,22 @@
+---
+apiVersion: "external-secrets.io/v1"
+kind: "ExternalSecret"
+metadata:
+  name: "linkding-postgres"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: "vault"
+    kind: "ClusterSecretStore"
+  target:
+    name: "linkding-postgres"
+    creationPolicy: "Owner"
+  data:
+    - secretKey: "username"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/linkding"
+        property: "POSTGRES_USER"
+    - secretKey: "password"
+      remoteRef:
+        key: "secret/soeren.cloud/env/prod/linkding"
+        property: "POSTGRES_PASSWORD"