Update chart version

argocd/Chart.yaml

@@ -9,6 +9,6 @@ appVersion: "1.16.0"
 dependencies:
 - name: argo-cd
   repository: https://argoproj.github.io/argo-helm
-  version: 6.7.11
+  version: 6.11.1
 
 

argocd/templates/InternalProxy.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: internalproxy
     directory:
       recurse: true

argocd/templates/argocd.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: argocd
   destination:
     namespace: argocd

argocd/templates/authentik.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: authentik
   destination:
     namespace: authentik

argocd/templates/bitwarden.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: bitwarden
     directory:
       recurse: true

argocd/templates/cert-manager.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: cert-manager
   destination:
     namespace: cert-manager

argocd/templates/crossplane.yml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: crossplane
   destination:
     namespace: crossplane

argocd/templates/durpapi.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: durpapi
   destination:
     namespace: durpapi

argocd/templates/durpot.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: durpot
   destination:
     namespace: durpot

argocd/templates/external-dns.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: external-dns
   destination:
     namespace: external-dns

argocd/templates/external-secrets.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: external-secrets
   destination:
     namespace: external-secrets

argocd/templates/gatekeeper.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: gatekeeper
   destination:
     namespace: gatekeeper

argocd/templates/gitlab-runner.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: gitlab-runner
   destination:
     namespace: gitlab-runner

argocd/templates/heimdall.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: heimdall
   destination:
     namespace: heimdall

argocd/templates/krakend.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: krakend
   destination:
     namespace: krakend

argocd/templates/kube-prometheus-stack.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: kube-prometheus-stack
   destination:
     namespace: kube-prometheus-stack

argocd/templates/kubeclarity.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: kubeclarity
   destination:
     namespace: kubeclarity

argocd/templates/littlelink.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: littlelink
     directory:
       recurse: true

argocd/templates/longhorn.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: longhorn
   destination:
     namespace: longhorn-system

argocd/templates/metallb-system.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: metallb-system
   destination:
     namespace: metallb-system
@@ -19,3 +19,4 @@ spec:
     syncOptions:
       - CreateNamespace=true 
 
+

argocd/templates/nfs-client.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: nfs-client
     directory:
       recurse: true

argocd/templates/open-webui.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: open-webui
   destination:
     namespace: open-webui

argocd/templates/traefik.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: traefik
   destination:
     namespace: traefik

argocd/templates/uptimekuma.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: uptimekuma
     directory:
       recurse: true

argocd/templates/vault.yaml

@@ -7,7 +7,7 @@ spec:
   project: default
   source:
     repoURL: https://gitlab.com/developerdurp/homelab.git
-    targetRevision: dev
+    targetRevision: main
     path: vault
   destination:
     namespace: vault

argocd/values.yaml

@@ -1,10 +1,28 @@
 argo-cd:
+
   global:
     revisionHistoryLimit: 1
     image:
       repository: registry.internal.durp.info/argoproj/argocd
       imagePullPolicy: Always
 
+  server:
+    #extraArgs:
+    #  - --dex-server-plaintext
+    #  - --dex-server=argocd-dex-server:5556
+    # oidc.config: |
+    #   name: AzureAD
+    #   issuer: https://login.microsoftonline.com/TENANT_ID/v2.0
+    #   clientID: CLIENT_ID
+    #   clientSecret: $oidc.azuread.clientSecret
+    #   requestedIDTokenClaims:
+    #     groups:
+    #       essential: true
+    #   requestedScopes:
+    #     - openid
+    #     - profile
+    #     - email
+
   dex:
     enabled: true
     image:
@@ -15,13 +33,13 @@ argo-cd:
     cm:
       create: true
       annotations: {}
-      url: https://argocd.dev.durp.info
+      url: https://argocd.internal.durp.info
       oidc.tls.insecure.skip.verify: "true"
       dex.config: |
         connectors:
           - config:
-              issuer: https://authentik.dev.durp.info/application/o/argocd/
-              clientID: lKuMgyYaOlQMNAUSjsRVYgkwZG9UT6CeFWeTLAcl
+              issuer: https://authentik.durp.info/application/o/argocd/
+              clientID: dbb8ffc06104fb6e7fac3e4ae7fafb1d90437625
               clientSecret: $client-secret:clientSecret
               insecureEnableGroups: true
               scopes:
@@ -36,9 +54,9 @@ argo-cd:
     rbac:
       create: true
       policy.csv: |
-        g, ArgoCD Admins, role:admin
+        g, ArgoCD Admins, role:admin 
       scopes: "[groups]"
 
   server:
-    route:
+    route: 
       enabled: false

authentik/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: authentik
   repository: https://charts.goauthentik.io
-  version: 2024.4.1
+  version: 2024.8.3

authentik/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`authentik.dev.durp.info`) && PathPrefix(`/`) 
+  - match: Host(`authentik.durp.info`) && PathPrefix(`/`) 
     kind: Rule
     services:
     - name: authentik-server
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "authentik.dev.durp.info"
+  commonName: "authentik.durp.info"
   dnsNames:
-  - "authentik.dev.durp.info" 
+  - "authentik.durp.info" 
 
 ---
 

authentik/values.yaml

@@ -1,8 +1,6 @@
 authentik:
   global:
     env: 
-      - name: AUTHENTIK_REDIS__DB
-        value: "1"
       - name: AUTHENTIK_POSTGRESQL__PASSWORD
         valueFrom:
           secretKeyRef:
@@ -28,22 +26,17 @@ authentik:
   server:
     name: server
     replicas: 3
+  worker:
+    replicas: 3
   postgresql:
     enabled: true
     image:
       registry: registry.internal.durp.info
       repository: bitnami/postgresql
       pullPolicy: Always
-    auth:
-      username: "authentik"
-      existingSecret: db-pass
-      secretKeys:
-        adminPasswordKey: dbpass 
-        userPasswordKey: dbpass
-        
-          #postgresqlUsername: "authentik"
-          #postgresqlDatabase: "authentik"
-          #existingSecret: db-pass 
+    postgresqlUsername: "authentik"
+    postgresqlDatabase: "authentik"
+    existingSecret: db-pass 
     persistence:
       enabled: true
       storageClass: longhorn

bitwarden/templates/deployment.yaml

@@ -17,7 +17,7 @@ spec:
     spec:
       containers:
       - name: bitwarden
-        image: registry.internal.durp.info/vaultwarden/server:1.30.5
+        image: registry.internal.durp.info/vaultwarden/server:1.32.0
         imagePullPolicy: Always
         volumeMounts:
         - name: bitwarden-pvc
@@ -28,7 +28,7 @@ spec:
           containerPort: 80
         env:
           - name: SIGNUPS_ALLOWED
-            value: "TRUE"
+            value: "FALSE"
           - name: INVITATIONS_ALLOWED
             value: "FALSE"                      
           - name: WEBSOCKET_ENABLED
@@ -39,7 +39,7 @@ spec:
             value: "80"            
           - name: ROCKET_WORKERS
             value: "10"
-          - name: ADMIN_TOKEN
+          - name: SECRET_USERNAME
             valueFrom:
               secretKeyRef:
                 name: bitwarden-secret

bitwarden/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`bitwarden.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`bitwarden.durp.info`) && PathPrefix(`/`)
     kind: Rule
     services:
     - name: bitwarden
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "bitwarden.dev.durp.info"
+  commonName: "bitwarden.durp.info"
   dnsNames:
-  - "bitwarden.dev.durp.info"  
+  - "bitwarden.durp.info"  
 
 ---
 
@@ -36,28 +36,7 @@ apiVersion: v1
 metadata:
   name: bitwarden-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: bitwarden.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: bitwarden.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: bitwarden-admin-ingress
-spec:
-  entryPoints:
-    - websecure
-  routes:
-  - match: Host(`bitwarden.dev.durp.info`) && PathPrefix(`/admin`)
-    kind: Rule
-    middlewares:
-    - name: whitelist
-      namespace: traefik  
-    services:
-    - name: bitwarden
-      port: 80
-  tls:
-    secretName: bitwarden-tls
+  externalName: durp.info

cert-manager/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: cert-manager
   repository: https://charts.jetstack.io
-  version: 1.*.*
+  version: v1.15.3

cert-manager/templates/self-signed.yaml

@@ -1,13 +0,0 @@
-apiVersion: cert-manager.io/v1
-kind: Issuer
-metadata:
-  name: selfsigned-issuer
-spec:
-  selfSigned: {}
----
-apiVersion: cert-manager.io/v1
-kind: ClusterIssuer
-metadata:
-  name: selfsigned-cluster-issuer
-spec:
-  selfSigned: {}

crossplane/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: crossplane
   repository: https://charts.crossplane.io/stable
-  version: 1.16.0
+  version: 1.17.1

crossplane/templates/gitlab.yml

@@ -3,7 +3,7 @@ kind: Provider
 metadata:
   name: provider-gitlab
 spec:
-  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.7.0
+  package: xpkg.upbound.io/crossplane-contrib/provider-gitlab:v0.5.0
 ---
 
 apiVersion: external-secrets.io/v1beta1

crossplane/values.yaml

@@ -1,186 +0,0 @@
-# helm-docs renders these comments into markdown. Use markdown formatting where
-# appropiate.
-#
-# -- The number of Crossplane pod `replicas` to deploy.
-replicas: 1
-
-# -- The deployment strategy for the Crossplane and RBAC Manager pods.
-deploymentStrategy: RollingUpdate
-
-image:
-  # -- Repository for the Crossplane pod image.
-  repository: xpkg.upbound.io/crossplane/crossplane
-  # -- The Crossplane image tag. Defaults to the value of `appVersion` in `Chart.yaml`.
-  tag: ""
-  # -- The image pull policy used for Crossplane and RBAC Manager pods.
-  pullPolicy: IfNotPresent
-
-# -- Add `nodeSelectors` to the Crossplane pod deployment.
-nodeSelector: {}
-# -- Add `tolerations` to the Crossplane pod deployment.
-tolerations: []
-# -- Add `affinities` to the Crossplane pod deployment.
-affinity: {}
-
-# -- Enable `hostNetwork` for the Crossplane deployment. Caution: enabling `hostNetwork` grants the Crossplane Pod access to the host network namespace. Consider setting `dnsPolicy` to `ClusterFirstWithHostNet`.
-hostNetwork: false
-
-# -- Specify the `dnsPolicy` to be used by the Crossplane pod.
-dnsPolicy: ""
-
-# -- Add custom `labels` to the Crossplane pod deployment.
-customLabels: {}
-
-# -- Add custom `annotations` to the Crossplane pod deployment.
-customAnnotations: {}
-
-serviceAccount:
-  # -- Add custom `annotations` to the Crossplane ServiceAccount.
-  customAnnotations: {}
-
-# -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the Crossplane pod.
-leaderElection: true
-# -- Add custom arguments to the Crossplane pod.
-args: []
-
-provider:
-  # -- A list of Provider packages to install.
-  packages: []
-
-configuration:
-  # -- A list of Configuration packages to install.
-  packages: []
-
-function:
-  # -- A list of Function packages to install
-  packages: []
-
-# -- The imagePullSecret names to add to the Crossplane ServiceAccount.
-imagePullSecrets: []
-
-registryCaBundleConfig:
-  # -- The ConfigMap name containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
-  name: ""
-  # -- The ConfigMap key containing a custom CA bundle to enable fetching packages from registries with unknown or untrusted certificates.
-  key: ""
-
-service:
-  # -- Configure annotations on the service object. Only enabled when webhooks.enabled = true
-  customAnnotations: {}
-
-webhooks:
-  # -- Enable webhooks for Crossplane and installed Provider packages.
-  enabled: true
-
-rbacManager:
-  # -- Deploy the RBAC Manager pod and its required roles.
-  deploy: true
-  # -- Don't install aggregated Crossplane ClusterRoles.
-  skipAggregatedClusterRoles: false
-  # -- The number of RBAC Manager pod `replicas` to deploy.
-  replicas: 1
-  # -- Enable [leader election](https://docs.crossplane.io/latest/concepts/pods/#leader-election) for the RBAC Manager pod.
-  leaderElection: true
-  # -- Add custom arguments to the RBAC Manager pod.
-  args: []
-  # -- Add `nodeSelectors` to the RBAC Manager pod deployment.
-  nodeSelector: {}
-  # -- Add `tolerations` to the RBAC Manager pod deployment.
-  tolerations: []
-  # -- Add `affinities` to the RBAC Manager pod deployment.
-  affinity: {}
-
-# -- The PriorityClass name to apply to the Crossplane and RBAC Manager pods.
-priorityClassName: ""
-
-resourcesCrossplane:
-  limits:
-    # -- CPU resource limits for the Crossplane pod.
-    cpu: 500m
-    # -- Memory resource limits for the Crossplane pod.
-    memory: 1024Mi
-  requests:
-    # -- CPU resource requests for the Crossplane pod.
-    cpu: 100m
-    # -- Memory resource requests for the Crossplane pod.
-    memory: 256Mi
-
-securityContextCrossplane:
-  # -- The user ID used by the Crossplane pod.
-  runAsUser: 65532
-  # -- The group ID used by the Crossplane pod.
-  runAsGroup: 65532
-  # -- Enable `allowPrivilegeEscalation` for the Crossplane pod.
-  allowPrivilegeEscalation: false
-  # -- Set the Crossplane pod root file system as read-only.
-  readOnlyRootFilesystem: true
-
-packageCache:
-  # -- Set to `Memory` to hold the package cache in a RAM backed file system. Useful for Crossplane development.
-  medium: ""
-  # -- The size limit for the package cache. If medium is `Memory` the `sizeLimit` can't exceed Node memory.
-  sizeLimit: 20Mi
-  # -- The name of a PersistentVolumeClaim to use as the package cache. Disables the default package cache `emptyDir` Volume.
-  pvc: ""
-  # -- The name of a ConfigMap to use as the package cache. Disables the default package cache `emptyDir` Volume.
-  configMap: ""
-
-resourcesRBACManager:
-  limits:
-    # -- CPU resource limits for the RBAC Manager pod.
-    cpu: 100m
-    # -- Memory resource limits for the RBAC Manager pod.
-    memory: 512Mi
-  requests:
-    # -- CPU resource requests for the RBAC Manager pod.
-    cpu: 100m
-    # -- Memory resource requests for the RBAC Manager pod.
-    memory: 256Mi
-
-securityContextRBACManager:
-  # -- The user ID used by the RBAC Manager pod.
-  runAsUser: 65532
-  # -- The group ID used by the RBAC Manager pod.
-  runAsGroup: 65532
-  # -- Enable `allowPrivilegeEscalation` for the RBAC Manager pod.
-  allowPrivilegeEscalation: false
-  # -- Set the RBAC Manager pod root file system as read-only.
-  readOnlyRootFilesystem: true
-
-metrics:
-  # -- Enable Prometheus path, port and scrape annotations and expose port 8080 for both the Crossplane and RBAC Manager pods.
-  enabled: false
-
-# -- Add custom environmental variables to the Crossplane pod deployment.
-# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
-extraEnvVarsCrossplane: {}
-
-# -- Add custom environmental variables to the RBAC Manager pod deployment.
-# Replaces any `.` in a variable name with `_`. For example, `SAMPLE.KEY=value1` becomes `SAMPLE_KEY=value1`.
-extraEnvVarsRBACManager: {}
-
-# -- Add a custom `securityContext` to the Crossplane pod.
-podSecurityContextCrossplane: {}
-
-# -- Add a custom `securityContext` to the RBAC Manager pod.
-podSecurityContextRBACManager: {}
-
-# -- Add custom `volumes` to the Crossplane pod.
-extraVolumesCrossplane: {}
-
-# -- Add custom `volumeMounts` to the Crossplane pod.
-extraVolumeMountsCrossplane: {}
-
-# -- To add arbitrary Kubernetes Objects during a Helm Install
-extraObjects: []
-  # - apiVersion: pkg.crossplane.io/v1alpha1
-  #   kind: ControllerConfig
-  #   metadata:
-  #     name: aws-config
-  #     annotations:
-  #       eks.amazonaws.com/role-arn: arn:aws:iam::123456789101:role/example
-  #       helm.sh/hook: post-install
-  #   spec:
-  #     podSecurityContext:
-  #       fsGroup: 2000
-

durpapi/Chart.yaml

@@ -1,11 +1,13 @@
 apiVersion: v2
-type: application
-version: 0.1.0-dev0192
-description: A Helm chart for Kubernetes
-appVersion: 0.1.0
 name: durpapi
+description: A Helm chart for Kubernetes
+type: application
+
+version: 0.1.0-dev0184
+appVersion: 0.1.0
+
 dependencies:
-- version: 12.5.*
-  condition: postgresql.enabled
+- condition: postgresql.enabled
+  version: 12.5.*
   repository: https://charts.bitnami.com/bitnami
   name: postgresql

durpapi/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host("api.dev.durp.info") && PathPrefix(`/api`)
+  - match: Host("api.durp.info") && PathPrefix(`/api`)
     kind: Rule
     middlewares:
       - name: jwt
@@ -24,7 +24,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host("api.dev.durp.info") && PathPrefix(`/swagger`)
+  - match: Host("api.durp.info") && PathPrefix(`/swagger`)
     kind: Rule
     services:
     - name: "durpapi-service"
@@ -42,4 +42,3 @@ spec:
       Required: true
       Keys:
         - https://authentik.durp.info/application/o/api/jwks
-

durpapi/values.yaml

@@ -10,15 +10,15 @@ deployment:
   probe:
     readiness:  
       httpGet:
-        path: /api/health/gethealth
+        path: /health/gethealth
         port: 8080
     liveness: 
       httpGet:
-        path: /api/health/gethealth
+        path: /health/gethealth
         port: 8080
     startup: 
       httpGet:
-        path: /api/health/gethealth
+        path: /health/gethealth
         port: 8080
 service:
   type: ClusterIP

external-dns/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: 0.0.1
 dependencies:
 - name: external-dns
   repository: https://charts.bitnami.com/bitnami
-  version: 6.20.3
+  version: 8.3.8

external-dns/values.yaml

@@ -4,7 +4,7 @@ external-dns:
 
   image:
     pullPolicy: Always
-  txtPrefix: "dev-"
+
   sources:
     - service
     

external-secrets/Chart.yaml

@@ -8,5 +8,5 @@ appVersion: 0.0.1
 dependencies:
 - name: external-secrets
   repository: https://charts.external-secrets.io
-  version: 0.8.1
+  version: 0.10.4
 

gatekeeper/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: gatekeeper
   repository: https://open-policy-agent.github.io/gatekeeper/charts
-  version: 3.14.0
+  version: 3.17.1

gatekeeper/values.yaml

@@ -1,277 +1,278 @@
-gatekeeper:
-  replicas: 3
-  revisionHistoryLimit: 10
-  auditInterval: 60
-  metricsBackends: ["prometheus"]
-  auditMatchKindOnly: false
-  constraintViolationsLimit: 20
-  auditFromCache: false
-  disableMutation: false
-  disableValidatingWebhook: false
-  validatingWebhookName: gatekeeper-validating-webhook-configuration
-  validatingWebhookTimeoutSeconds: 3
-  validatingWebhookFailurePolicy: Ignore
-  validatingWebhookAnnotations: {}
-  validatingWebhookExemptNamespacesLabels: {}
-  validatingWebhookObjectSelector: {}
-  validatingWebhookCheckIgnoreFailurePolicy: Fail
-  validatingWebhookCustomRules: {}
-  validatingWebhookURL: null
-  enableDeleteOperations: false
-  enableExternalData: true
-  enableGeneratorResourceExpansion: true
-  enableTLSHealthcheck: false
-  maxServingThreads: -1
-  mutatingWebhookName: gatekeeper-mutating-webhook-configuration
-  mutatingWebhookFailurePolicy: Ignore
-  mutatingWebhookReinvocationPolicy: Never
-  mutatingWebhookAnnotations: {}
-  mutatingWebhookExemptNamespacesLabels: {}
-  mutatingWebhookObjectSelector: {}
-  mutatingWebhookTimeoutSeconds: 1
-  mutatingWebhookCustomRules: {}
-  mutatingWebhookURL: null
-  mutationAnnotations: false
-  auditChunkSize: 500
-  logLevel: INFO
-  logDenies: false
-  logMutations: false
-  emitAdmissionEvents: false
-  emitAuditEvents: false
-  admissionEventsInvolvedNamespace: false
-  auditEventsInvolvedNamespace: false
-  resourceQuota: true
-  externaldataProviderResponseCacheTTL: 3m
-  image:
-    repository: openpolicyagent/gatekeeper
-    crdRepository: openpolicyagent/gatekeeper-crds
-    release: v3.15.0-beta.0
-    pullPolicy: Always
-    pullSecrets: []
-  preInstall:
-    crdRepository:
-      image:
-        repository: null
-        tag: v3.15.0-beta.0
-  postUpgrade:
-    labelNamespace:
-      enabled: false
-      image:
-        repository: openpolicyagent/gatekeeper-crds
-        tag: v3.15.0-beta.0
-        pullPolicy: IfNotPresent
-        pullSecrets: []
-      extraNamespaces: []
-      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
-        "pod-security.kubernetes.io/audit-version=latest",
-        "pod-security.kubernetes.io/warn=restricted",
-        "pod-security.kubernetes.io/warn-version=latest",
-        "pod-security.kubernetes.io/enforce=restricted",
-        "pod-security.kubernetes.io/enforce-version=v1.24"]
-      extraAnnotations: {}
-      priorityClassName: ""
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources: {}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-  postInstall:
-    labelNamespace:
-      enabled: true
-      extraRules: []
-      image:
-        repository: openpolicyagent/gatekeeper-crds
-        tag: v3.15.0-beta.0
-        pullPolicy: IfNotPresent
-        pullSecrets: []
-      extraNamespaces: []
-      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
-        "pod-security.kubernetes.io/audit-version=latest",
-        "pod-security.kubernetes.io/warn=restricted",
-        "pod-security.kubernetes.io/warn-version=latest",
-        "pod-security.kubernetes.io/enforce=restricted",
-        "pod-security.kubernetes.io/enforce-version=v1.24"]
-      extraAnnotations: {}
-      priorityClassName: ""
-    probeWebhook:
-      enabled: true
-      image:
-        repository: curlimages/curl
-        tag: 7.83.1
-        pullPolicy: IfNotPresent
-        pullSecrets: []
-      waitTimeout: 60
-      httpTimeout: 2
-      insecureHTTPS: false
-      priorityClassName: ""
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-  preUninstall:
-    deleteWebhookConfigurations:
-      extraRules: []
-      enabled: false
-      image:
-        repository: openpolicyagent/gatekeeper-crds
-        tag: v3.15.0-beta.0
-        pullPolicy: IfNotPresent
-        pullSecrets: []
-      priorityClassName: ""
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources: {}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-  podAnnotations: {}
-  auditPodAnnotations: {}
-  podLabels: {}
-  podCountLimit: "100"
-  secretAnnotations: {}
-  enableRuntimeDefaultSeccompProfile: true
-  controllerManager:
-    exemptNamespaces: []
-    exemptNamespacePrefixes: []
-    hostNetwork: false
-    dnsPolicy: ClusterFirst
-    port: 8443
-    metricsPort: 8888
-    healthPort: 9090
-    readinessTimeout: 1
-    livenessTimeout: 1
-    priorityClassName: system-cluster-critical
-    disableCertRotation: false
-    tlsMinVersion: 1.3
-    clientCertName: ""
-    strategyType: RollingUpdate
-    affinity:
-      podAntiAffinity:
-        preferredDuringSchedulingIgnoredDuringExecution:
-          - podAffinityTerm:
-              labelSelector:
-                matchExpressions:
-                  - key: gatekeeper.sh/operation
-                    operator: In
-                    values:
-                      - webhook
-              topologyKey: kubernetes.io/hostname
-            weight: 100
-    topologySpreadConstraints: []
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources:
-      limits:
-        memory: 512Mi
-      requests:
-        cpu: 100m
-        memory: 512Mi
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-    podSecurityContext:
-      fsGroup: 999
-      supplementalGroups:
-        - 999
-    extraRules: []
-    networkPolicy:
-      enabled: false
-      ingress: { }
-        # - from:
-        #   - ipBlock:
-        #       cidr: 0.0.0.0/0
-  audit:
-    enablePubsub: false
-    connection: audit-connection
-    channel: audit-channel
-    hostNetwork: false
-    dnsPolicy: ClusterFirst
-    metricsPort: 8888
-    healthPort: 9090
-    readinessTimeout: 1
-    livenessTimeout: 1
-    priorityClassName: system-cluster-critical
-    disableCertRotation: false
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources:
-      limits:
-        memory: 512Mi
-      requests:
-        cpu: 100m
-        memory: 512Mi
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 999
-      runAsNonRoot: true
-      runAsUser: 1000
-    podSecurityContext:
-      fsGroup: 999
-      supplementalGroups:
-        - 999
-    writeToRAMDisk: false
-    extraRules: []
-  crds:
-    affinity: {}
-    tolerations: []
-    nodeSelector: {kubernetes.io/os: linux}
-    resources: {}
-    securityContext:
-      allowPrivilegeEscalation: false
-      capabilities:
-        drop:
-        - ALL
-      readOnlyRootFilesystem: true
-      runAsGroup: 65532
-      runAsNonRoot: true
-      runAsUser: 65532
-  pdb:
-    controllerManager:
-      minAvailable: 1
-  service: {}
-  disabledBuiltins: ["{http.send}"]
-  psp:
-    enabled: true
-  upgradeCRDs:
-    enabled: true
-    extraRules: []
-    priorityClassName: ""
-  rbac:
-    create: true
-  externalCertInjection:
-    enabled: false
-    secretName: gatekeeper-webhook-server-cert
+#gatekeeper:
+#  replicas: 3
+#  revisionHistoryLimit: 10
+#  auditInterval: 60
+#  metricsBackends: ["prometheus"]
+#  auditMatchKindOnly: false
+#  constraintViolationsLimit: 20
+#  auditFromCache: false
+#  disableMutation: false
+#  disableValidatingWebhook: false
+#  validatingWebhookName: gatekeeper-validating-webhook-configuration
+#  validatingWebhookTimeoutSeconds: 3
+#  validatingWebhookFailurePolicy: Ignore
+#  validatingWebhookAnnotations: {}
+#  validatingWebhookExemptNamespacesLabels: {}
+#  validatingWebhookObjectSelector: {}
+#  validatingWebhookCheckIgnoreFailurePolicy: Fail
+#  validatingWebhookCustomRules: {}
+#  validatingWebhookURL: null
+#  enableDeleteOperations: false
+#  enableExternalData: true
+#  enableGeneratorResourceExpansion: true
+#  enableTLSHealthcheck: false
+#  maxServingThreads: -1
+#  mutatingWebhookName: gatekeeper-mutating-webhook-configuration
+#  mutatingWebhookFailurePolicy: Ignore
+#  mutatingWebhookReinvocationPolicy: Never
+#  mutatingWebhookAnnotations: {}
+#  mutatingWebhookExemptNamespacesLabels: {}
+#  mutatingWebhookObjectSelector: {}
+#  mutatingWebhookTimeoutSeconds: 1
+#  mutatingWebhookCustomRules: {}
+#  mutatingWebhookURL: null
+#  mutationAnnotations: false
+#  auditChunkSize: 500
+#  logLevel: INFO
+#  logDenies: false
+#  logMutations: false
+#  emitAdmissionEvents: false
+#  emitAuditEvents: false
+#  admissionEventsInvolvedNamespace: false
+#  auditEventsInvolvedNamespace: false
+#  resourceQuota: true
+#  externaldataProviderResponseCacheTTL: 3m
+#  image:
+#    repository: openpolicyagent/gatekeeper
+#    crdRepository: openpolicyagent/gatekeeper-crds
+#    release: v3.15.0-beta.0
+#    pullPolicy: Always
+#    pullSecrets: []
+#  preInstall:
+#    crdRepository:
+#      image:
+#        repository: null
+#        tag: v3.15.0-beta.0
+#  postUpgrade:
+#    labelNamespace:
+#      enabled: false
+#      image:
+#        repository: openpolicyagent/gatekeeper-crds
+#        tag: v3.15.0-beta.0
+#        pullPolicy: IfNotPresent
+#        pullSecrets: []
+#      extraNamespaces: []
+#      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
+#        "pod-security.kubernetes.io/audit-version=latest",
+#        "pod-security.kubernetes.io/warn=restricted",
+#        "pod-security.kubernetes.io/warn-version=latest",
+#        "pod-security.kubernetes.io/enforce=restricted",
+#        "pod-security.kubernetes.io/enforce-version=v1.24"]
+#      extraAnnotations: {}
+#      priorityClassName: ""
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources: {}
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#  postInstall:
+#    labelNamespace:
+#      enabled: true
+#      extraRules: []
+#      image:
+#        repository: openpolicyagent/gatekeeper-crds
+#        tag: v3.15.0-beta.0
+#        pullPolicy: IfNotPresent
+#        pullSecrets: []
+#      extraNamespaces: []
+#      podSecurity: ["pod-security.kubernetes.io/audit=restricted",
+#        "pod-security.kubernetes.io/audit-version=latest",
+#        "pod-security.kubernetes.io/warn=restricted",
+#        "pod-security.kubernetes.io/warn-version=latest",
+#        "pod-security.kubernetes.io/enforce=restricted",
+#        "pod-security.kubernetes.io/enforce-version=v1.24"]
+#      extraAnnotations: {}
+#      priorityClassName: ""
+#    probeWebhook:
+#      enabled: true
+#      image:
+#        repository: curlimages/curl
+#        tag: 7.83.1
+#        pullPolicy: IfNotPresent
+#        pullSecrets: []
+#      waitTimeout: 60
+#      httpTimeout: 2
+#      insecureHTTPS: false
+#      priorityClassName: ""
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#  preUninstall:
+#    deleteWebhookConfigurations:
+#      extraRules: []
+#      enabled: false
+#      image:
+#        repository: openpolicyagent/gatekeeper-crds
+#        tag: v3.15.0-beta.0
+#        pullPolicy: IfNotPresent
+#        pullSecrets: []
+#      priorityClassName: ""
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources: {}
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#  podAnnotations: {}
+#  auditPodAnnotations: {}
+#  podLabels: {}
+#  podCountLimit: "100"
+#  secretAnnotations: {}
+#  enableRuntimeDefaultSeccompProfile: true
+#  controllerManager:
+#    exemptNamespaces: []
+#    exemptNamespacePrefixes: []
+#    hostNetwork: false
+#    dnsPolicy: ClusterFirst
+#    port: 8443
+#    metricsPort: 8888
+#    healthPort: 9090
+#    readinessTimeout: 1
+#    livenessTimeout: 1
+#    priorityClassName: system-cluster-critical
+#    disableCertRotation: false
+#    tlsMinVersion: 1.3
+#    clientCertName: ""
+#    strategyType: RollingUpdate
+#    affinity:
+#      podAntiAffinity:
+#        preferredDuringSchedulingIgnoredDuringExecution:
+#          - podAffinityTerm:
+#              labelSelector:
+#                matchExpressions:
+#                  - key: gatekeeper.sh/operation
+#                    operator: In
+#                    values:
+#                      - webhook
+#              topologyKey: kubernetes.io/hostname
+#            weight: 100
+#    topologySpreadConstraints: []
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources:
+#      limits:
+#        memory: 512Mi
+#      requests:
+#        cpu: 100m
+#        memory: 512Mi
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#    podSecurityContext:
+#      fsGroup: 999
+#      supplementalGroups:
+#        - 999
+#    extraRules: []
+#    networkPolicy:
+#      enabled: false
+#      ingress: { }
+#        # - from:
+#        #   - ipBlock:
+#        #       cidr: 0.0.0.0/0
+#  audit:
+#    enablePubsub: false
+#    connection: audit-connection
+#    channel: audit-channel
+#    hostNetwork: false
+#    dnsPolicy: ClusterFirst
+#    metricsPort: 8888
+#    healthPort: 9090
+#    readinessTimeout: 1
+#    livenessTimeout: 1
+#    priorityClassName: system-cluster-critical
+#    disableCertRotation: false
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources:
+#      limits:
+#        memory: 512Mi
+#      requests:
+#        cpu: 100m
+#        memory: 512Mi
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 999
+#      runAsNonRoot: true
+#      runAsUser: 1000
+#    podSecurityContext:
+#      fsGroup: 999
+#      supplementalGroups:
+#        - 999
+#    writeToRAMDisk: false
+#    extraRules: []
+#  crds:
+#    affinity: {}
+#    tolerations: []
+#    nodeSelector: {kubernetes.io/os: linux}
+#    resources: {}
+#    securityContext:
+#      allowPrivilegeEscalation: false
+#      capabilities:
+#        drop:
+#        - ALL
+#      readOnlyRootFilesystem: true
+#      runAsGroup: 65532
+#      runAsNonRoot: true
+#      runAsUser: 65532
+#  pdb:
+#    controllerManager:
+#      minAvailable: 1
+#  service: {}
+#  disabledBuiltins: ["{http.send}"]
+#  psp:
+#    enabled: true
+#  upgradeCRDs:
+#    enabled: true
+#    extraRules: []
+#    priorityClassName: ""
+#  rbac:
+#    create: true
+#  externalCertInjection:
+#    enabled: false
+#    secretName: gatekeeper-webhook-server-cert
+#

gitlab-runner/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: gitlab-runner
   repository: https://charts.gitlab.io/
-  version: 0.43.0
+  version: 0.69.0

heimdall/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: heimdall
   repository: https://djjudas21.github.io/charts/
-  version: 8.5.2
+  version: 8.5.4

heimdall/templates/ingress.yaml

@@ -7,7 +7,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`heimdall.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`heimdall.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: authentik-proxy-provider
       namespace: traefik  
@@ -15,7 +15,7 @@ spec:
     services:
     - name: heimdall
       port: 80
-  - match: Host(`heimdall.dev.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+  - match: Host(`heimdall.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
     kind: Rule
     services:
     - name: ak-outpost-authentik-embedded-outpost
@@ -35,9 +35,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "heimdall.dev.durp.info"
+  commonName: "heimdall.durp.info"
   dnsNames:
-  - "heimdall.dev.durp.info"  
+  - "heimdall.durp.info"  
 
 ---
 

internalproxy/templates/argocd.yaml

@@ -8,9 +8,9 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`argocd.internal.dev.durp.info`)
+  - match: Host(`argocd.internal.durp.info`)
     middlewares:
-    - name: internal-only
+    - name: whitelist
       namespace: traefik  
     kind: Rule
     services:
@@ -22,6 +22,16 @@ spec:
 
 ---
 
+kind: Service
+apiVersion: v1
+metadata:
+  name: argocd-server
+spec:
+  type: ExternalName
+  externalName: argocd-server.argocd.svc.cluster.local  
+
+---
+
 apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
@@ -31,6 +41,6 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "argocd.internal.dev.durp.info"
+  commonName: "argocd.internal.durp.info"
   dnsNames:
-  - "argocd.internal.dev.durp.info"  
+  - "argocd.internal.durp.info"  

internalproxy/templates/blueiris.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: blueiris
+spec:
+  ports:
+    - name: app
+      port: 81
+      protocol: TCP
+      targetPort: 81
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: blueiris
+subsets:
+  - addresses:
+      - ip: 192.168.99.2
+    ports:
+      - name: app
+        port: 81
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: blueiris-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`blueiris.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: blueiris
+          port: 81
+          scheme: http
+  tls:
+    secretName: blueiris-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: blueiris-tls
+spec:
+  secretName: blueiris-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "blueiris.internal.durp.info"
+  dnsNames:
+    - "blueiris.internal.durp.info"

internalproxy/templates/duplicati-ingress.yaml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: duplicati
+spec:
+  ports:
+  - name: app
+    port: 8200
+    protocol: TCP
+    targetPort: 8200
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: duplicati
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 8200
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: duplicati-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/`)
+    middlewares:
+    - name: whitelist
+      namespace: traefik
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: duplicati
+      port: 8200
+  - match: Host(`duplicati.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+    kind: Rule
+    services:
+    - name: ak-outpost-authentik-embedded-outpost
+      namespace: authentik
+      port: 9000
+  tls:
+    secretName: duplicati-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: duplicati-tls
+spec:
+  secretName: duplicati-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "duplicati.internal.durp.info"
+  dnsNames:
+  - "duplicati.internal.durp.info"  

internalproxy/templates/gitea.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea
+spec:
+  ports:
+    - name: app
+      port: 3000
+      protocol: TCP
+      targetPort: 3000
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: gitea
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 3000
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: gitea-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`gitea.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: gitea
+          port: 3000
+          scheme: http
+  tls:
+    secretName: gitea-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: gitea-tls
+spec:
+  secretName: gitea-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "gitea.durp.info"
+  dnsNames:
+    - "gitea.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: gitea-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: gitea.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/jellyfin.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: jellyfin
+spec:
+  ports:
+    - name: app
+      port: 8096
+      protocol: TCP
+      targetPort: 8096
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: jellyfin
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 8096
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: jellyfin-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`jellyfin.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: jellyfin
+          port: 8096
+          scheme: http
+  tls:
+    secretName: jellyfin-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: jellyfin-tls
+spec:
+  secretName: jellyfin-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "jellyfin.durp.info"
+  dnsNames:
+    - "jellyfin.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: jellyfin-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: jellyfin.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info  

internalproxy/templates/kasm.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: kasm
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: kasm
+subsets:
+  - addresses:
+      - ip: 192.168.20.104
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: kasm-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`kasm.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: kasm
+          port: 443
+          scheme: https
+  tls:
+    secretName: kasm-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: kasm-tls
+spec:
+  secretName: kasm-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "kasm.durp.info"
+  dnsNames:
+    - "kasm.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: kasm-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: kasm.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/minio.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: minio
+spec:
+  ports:
+    - name: app
+      port: 9769
+      protocol: TCP
+      targetPort: 9769
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: minio
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 9769
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: minio-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`minio.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: minio
+          port: 9769
+          scheme: http
+  tls:
+    secretName: minio-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: minio-tls
+spec:
+  secretName: minio-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "minio.internal.durp.info"
+  dnsNames:
+    - "minio.internal.durp.info"

internalproxy/templates/nexus.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: nexus
+spec:
+  ports:
+  - name: app
+    port: 8081
+    protocol: TCP
+    targetPort: 8081
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: nexus
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 8081
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: nexus-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`nexus.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: nexus
+      port: 8081
+  tls:
+    secretName: nexus-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: nexus-tls
+spec:
+  secretName: nexus-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "nexus.durp.info"
+  dnsNames:
+  - "nexus.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: nexus-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: nexus.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/octopus.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: octopus
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: octopus
+subsets:
+  - addresses:
+      - ip: 192.168.20.105
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: octopus-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`octopus.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: octopus
+          port: 443
+          scheme: https
+  tls:
+    secretName: octopus-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: octopus-tls
+spec:
+  secretName: octopus-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "octopus.internal.durp.info"
+  dnsNames:
+    - "octopus.internal.durp.info"

internalproxy/templates/ollama.yaml

@@ -0,0 +1,101 @@
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: ollama-secret
+spec:
+  secretStoreRef:
+    name: vault
+    kind: ClusterSecretStore
+  target:
+    name: ollama-secret
+  data:
+    - secretKey: users
+      remoteRef:
+        key: secrets/internalproxy/ollama
+        property: users
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: ollama-basic-auth
+spec:
+  basicAuth:
+    secret: ollama-secret
+
+---
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: ollama
+spec:
+  ports:
+    - name: app
+      port: 11435
+      protocol: TCP
+      targetPort: 11435
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: ollama
+subsets:
+  - addresses:
+      - ip: 192.168.20.104
+    ports:
+      - name: app
+        port: 11435
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ollama-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`ollama.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: ollama-basic-auth
+      kind: Rule
+      services:
+        - name: ollama
+          port: 11435
+  tls:
+    secretName: ollama-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: ollama-tls
+spec:
+  secretName: ollama-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "ollama.durp.info"
+  dnsNames:
+    - "ollama.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: ollama-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: ollama.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/pfsense.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pfsense
+spec:
+  ports:
+    - name: app
+      port: 10443
+      protocol: TCP
+      targetPort: 10443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: pfsense
+subsets:
+  - addresses:
+      - ip: 192.168.20.1
+    ports:
+      - name: app
+        port: 10443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: pfsense-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`pfsense.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: pfsense
+          port: 10443
+          scheme: https
+  tls:
+    secretName: pfsense-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: pfsense-tls
+spec:
+  secretName: pfsense-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "pfsense.internal.durp.info"
+  dnsNames:
+    - "pfsense.internal.durp.info"

internalproxy/templates/plex.yaml

@@ -0,0 +1,72 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: plex
+spec:
+  ports:
+    - name: app
+      port: 32400
+      protocol: TCP
+      targetPort: 32400
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: plex
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 32400
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: plex-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`plex.durp.info`) && PathPrefix(`/`)
+      kind: Rule
+      services:
+        - name: plex
+          port: 32400
+          scheme: https
+  tls:
+    secretName: plex-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: plex-tls
+spec:
+  secretName: plex-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "plex.durp.info"
+  dnsNames:
+    - "plex.durp.info"
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: plex-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: plex.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info  

internalproxy/templates/portainer.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: portainer
+spec:
+  ports:
+    - name: app
+      port: 9443
+      protocol: TCP
+      targetPort: 9443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: portainer
+subsets:
+  - addresses:
+      - ip: 192.168.20.104
+    ports:
+      - name: app
+        port: 9443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: portainer-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`portainer.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: portainer
+          port: 9443
+          scheme: https
+  tls:
+    secretName: portainer-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: portainer-tls
+spec:
+  secretName: portainer-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "portainer.internal.durp.info"
+  dnsNames:
+    - "portainer.internal.durp.info"

internalproxy/templates/proxmox.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: proxmox
+spec:
+  ports:
+    - name: app
+      port: 8006
+      protocol: TCP
+      targetPort: 8006
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: proxmox
+subsets:
+  - addresses:
+      - ip: 192.168.21.252
+    ports:
+      - name: app
+        port: 8006
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: proxmox-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`proxmox.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: proxmox
+          port: 8006
+          scheme: https
+  tls:
+    secretName: proxmox-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: proxmox-tls
+spec:
+  secretName: proxmox-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "proxmox.internal.durp.info"
+  dnsNames:
+    - "proxmox.internal.durp.info"

internalproxy/templates/registry-internal.yaml

@@ -0,0 +1,59 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry-internal
+spec:
+  ports:
+  - name: app
+    port: 5000
+    protocol: TCP
+    targetPort: 5000
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: registry-internal
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 5000
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: registry-internal-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`registry.internal.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: registry-internal
+      port: 5000
+  tls:
+    secretName: registry-internal-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: registry-internal-tls
+spec:
+  secretName: registry-internal-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "registry.internal.durp.info"
+  dnsNames:
+  - "registry.internal.durp.info"

internalproxy/templates/registry.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: registry
+spec:
+  ports:
+  - name: app
+    port: 5000
+    protocol: TCP
+    targetPort: 5000
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: registry
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 5000
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: registry-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`registry.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    services:
+    - name: registry
+      port: 5000
+  tls:
+    secretName: registry-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: registry-tls
+spec:
+  secretName: registry-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "registry.durp.info"
+  dnsNames:
+  - "registry.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: registry-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: registry.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/s3.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: s3
+spec:
+  ports:
+    - name: app
+      port: 9768
+      protocol: TCP
+      targetPort: 9768
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: s3
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 9768
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: s3-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`s3.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: s3
+          port: 9768
+          scheme: http
+  tls:
+    secretName: s3-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: s3-tls
+spec:
+  secretName: s3-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "s3.internal.durp.info"
+  dnsNames:
+    - "s3.internal.durp.info"

internalproxy/templates/semaphore.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: semaphore
+spec:
+  ports:
+    - name: app
+      port: 3001
+      protocol: TCP
+      targetPort: 3001
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: semaphore
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 3001
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: semaphore-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`semaphore.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: semaphore
+          port: 3001
+          scheme: http
+  tls:
+    secretName: semaphore-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: semaphore-tls
+spec:
+  secretName: semaphore-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "semaphore.internal.durp.info"
+  dnsNames:
+    - "semaphore.internal.durp.info"

internalproxy/templates/smokeping.yaml

@@ -0,0 +1,82 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: smokeping
+spec:
+  ports:
+  - name: app
+    port: 81
+    protocol: TCP
+    targetPort: 81
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: smokeping
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 81
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: smokeping-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`smokeping.durp.info`) && PathPrefix(`/`)
+    middlewares:
+    - name: whitelist
+      namespace: traefik
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: smokeping
+      port: 81
+  - match: Host(`smokeping.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+    kind: Rule
+    services:
+    - name: ak-outpost-authentik-embedded-outpost
+      namespace: authentik
+      port: 9000
+  tls:
+    secretName: smokeping-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: smokeping-tls
+spec:
+  secretName: smokeping-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "smokeping.durp.info"
+  dnsNames:
+  - "smokeping.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: smokeping-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: smokeping.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info  

internalproxy/templates/speedtest.yaml

@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: speedtest
+spec:
+  ports:
+  - name: app
+    port: 6580
+    protocol: TCP
+    targetPort: 6580
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: speedtest
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 6580
+    protocol: TCP
+
+---    
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: speedtest-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`speedtest.durp.info`) && PathPrefix(`/`)
+    kind: Rule
+    middlewares:
+    - name: authentik-proxy-provider
+      namespace: traefik 
+    services:
+    - name: speedtest
+      port: 6580
+  tls:
+    secretName: speedtest-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: speedtest-tls
+spec:
+  secretName: speedtest-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "speedtest.durp.info"
+  dnsNames:
+  - "speedtest.durp.info"  
+
+---
+
+kind: Service
+apiVersion: v1
+metadata:
+  name: speedtest-external-dns
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: speedtest.durp.info
+spec:
+  type: ExternalName
+  externalName: durp.info

internalproxy/templates/tdarr.yaml

@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: tdarr
+spec:
+  ports:
+  - name: app
+    port: 8267
+    protocol: TCP
+    targetPort: 8267
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: tdarr
+subsets:
+- addresses:
+  - ip: 192.168.20.253
+  ports:
+  - name: app
+    port: 8267
+    protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: tdarr-ingress
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-production
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`tdarr.internal.durp.info`)
+    middlewares:
+    - name: whitelist
+      namespace: traefik  
+    - name: authentik-proxy-provider
+      namespace: traefik  
+    kind: Rule
+    services:
+    - name: tdarr
+      port: 8267
+      scheme: http
+  tls:
+    secretName: tdarr-tls  
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: tdarr-tls
+spec:
+  secretName: tdarr-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "tdarr.internal.durp.info"
+  dnsNames:
+  - "tdarr.internal.durp.info"  

internalproxy/templates/unraid.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: unraid
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: unraid
+subsets:
+  - addresses:
+      - ip: 192.168.20.253
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: unraid-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`unraid.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: unraid
+          port: 443
+          scheme: https
+  tls:
+    secretName: unraid-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: unraid-tls
+spec:
+  secretName: unraid-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "unraid.internal.durp.info"
+  dnsNames:
+    - "unraid.internal.durp.info"

internalproxy/templates/wazuh.yaml

@@ -0,0 +1,63 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: wazuh
+spec:
+  ports:
+    - name: app
+      port: 443
+      protocol: TCP
+      targetPort: 443
+  clusterIP: None
+  type: ClusterIP
+
+---
+
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: wazuh
+subsets:
+  - addresses:
+      - ip: 192.168.20.102
+    ports:
+      - name: app
+        port: 443
+        protocol: TCP
+
+---
+
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: wazuh-ingress
+spec:
+  entryPoints:
+    - websecure
+  routes:
+    - match: Host(`wazuh.internal.durp.info`) && PathPrefix(`/`)
+      middlewares:
+        - name: whitelist
+          namespace: traefik
+      kind: Rule
+      services:
+        - name: wazuh
+          port: 443
+          scheme: https
+  tls:
+    secretName: wazuh-tls
+
+---
+
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: wazuh-tls
+spec:
+  secretName: wazuh-tls
+  issuerRef:
+    name: letsencrypt-production
+    kind: ClusterIssuer
+  commonName: "wazuh.internal.durp.info"
+  dnsNames:
+    - "wazuh.internal.durp.info"

krakend/templates/ingress.yaml

@@ -7,9 +7,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "api.dev.durp.info"
+  commonName: "api.durp.info"
   dnsNames:
-  - "api.dev.durp.info"        
+  - "api.durp.info"        
 
 ---
 
@@ -21,7 +21,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-    - match: Host(`api.dev.durp.info`) && PathPrefix(`/`)
+    - match: Host(`api.durp.info`) && PathPrefix(`/`)
       kind: Rule
       services:
         - name: krakend-service
@@ -37,10 +37,10 @@ apiVersion: v1
 metadata:
   name: api-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: api.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: api.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info
+  externalName: durp.info
 
 ---
 
@@ -49,7 +49,7 @@ apiVersion: v1
 metadata:
   name: api-developer-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: developer.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: developer.durp.info
     external-dns.alpha.kubernetes.io/cloudflare-proxied: "false"
 spec:
   type: ExternalName

kube-prometheus-stack/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: kube-prometheus-stack
   repository: https://prometheus-community.github.io/helm-charts
-  version: 40.5.0
+  version: 63.1.0

kube-prometheus-stack/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`grafana.dev.durp.info`) && PathPrefix(`/`) 
+  - match: Host(`grafana.durp.info`) && PathPrefix(`/`) 
     kind: Rule
     services:
     - name: grafana
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "grafana.dev.durp.info"
+  commonName: "grafana.durp.info"
   dnsNames:
-  - "grafana.dev.durp.info"  
+  - "grafana.durp.info"  
 
 ---
 
@@ -39,7 +39,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`alertmanager.dev.durp.info`) && PathPrefix(`/`) 
+  - match: Host(`alertmanager.durp.info`) && PathPrefix(`/`) 
     middlewares:
     - name: whitelist
       namespace: traefik
@@ -63,9 +63,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "alertmanager.dev.durp.info"
+  commonName: "alertmanager.durp.info"
   dnsNames:
-  - "alertmanager.dev.durp.info"  
+  - "alertmanager.durp.info"  
 
 ---
 
@@ -74,7 +74,7 @@ apiVersion: v1
 metadata:
   name: grafana-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: grafana.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: grafana.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info  
+  externalName: durp.info  

kubeclarity/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: kubeclarity
   repository: https://openclarity.github.io/kubeclarity
-  version: 2.22.0
+  version: 2.23.3

kubeclarity/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`kubeclarity.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`kubeclarity.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: whitelist
       namespace: traefik
@@ -30,9 +30,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "kubeclarity.dev.durp.info"
+  commonName: "kubeclarity.durp.info"
   dnsNames:
-  - "kubeclarity.dev.durp.info"  
+  - "kubeclarity.durp.info"  
 
 ---
 
@@ -41,7 +41,7 @@ apiVersion: v1
 metadata:
   name: kubeclarity-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: kubeclarity.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: kubeclarity.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info
+  externalName: durp.info

littlelink/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`links.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`links.durp.info`) && PathPrefix(`/`)
     kind: Rule
     services:
     - name: littlelink
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "links.dev.durp.info"
+  commonName: "links.durp.info"
   dnsNames:
-  - "links.dev.durp.info"  
+  - "links.durp.info"  
 
 ---
 
@@ -36,8 +36,7 @@ apiVersion: v1
 metadata:
   name: links-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: links.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: links.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info
-
+  externalName: durp.info

longhorn/Chart.yaml

@@ -9,4 +9,4 @@ appVersion: "1.16.0"
 dependencies:
 - name: longhorn
   repository: https://charts.longhorn.io
-  version: 1.7.0
+  version: 1.7.1

longhorn/templates/ingress.yaml

@@ -6,17 +6,17 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`longhorn.internal.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: whitelist
       namespace: traefik
-        #- name: authentik-proxy-provider
-        #  namespace: traefik  
+    - name: authentik-proxy-provider
+      namespace: traefik  
     kind: Rule
     services:
     - name: longhorn-frontend
       port: 80
-  - match: Host(`longhorn.internal.dev.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+  - match: Host(`longhorn.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
     kind: Rule
     services:
     - name: ak-outpost-authentik-embedded-outpost
@@ -36,6 +36,6 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "longhorn.internal.dev.durp.info"
+  commonName: "longhorn.internal.durp.info"
   dnsNames:
-  - "longhorn.internal.dev.durp.info"  
+  - "longhorn.internal.durp.info"  

longhorn/templates/secrets.yaml

@@ -8,7 +8,7 @@ spec:
     name: vault
     kind: ClusterSecretStore
   target:
-    name: longhorn-backup-token-secret2
+    name: longhorn-backup-token-secret
   data:
   - secretKey: AWS_ACCESS_KEY_ID
     remoteRef:

longhorn/values.yaml

@@ -47,7 +47,7 @@ longhorn:
   persistence:
     defaultClass: true
     defaultFsType: ext4
-    defaultClassReplicaCount: 1
+    defaultClassReplicaCount: 3
     defaultDataLocality: disabled # best-effort otherwise
     reclaimPolicy: Retain
     migratable: false
@@ -57,7 +57,7 @@ longhorn:
           {
             "name":"backup", 
             "task":"backup", 
-            "cron":"0 */6 * * *", 
+            "cron":"0 0 * * ?", 
             "retain":24
           }
         ]'
@@ -76,8 +76,8 @@ longhorn:
     snapshotterReplicaCount: ~
   
   defaultSettings:
-    backupTarget: S3://longhorn-dev@us-east-1/
-    backupTargetCredentialSecret: longhorn-backup-token-secret2
+    backupTarget: S3://longhorn-master@us-east-1/
+    backupTargetCredentialSecret: longhorn-backup-token-secret
     allowRecurringJobWhileVolumeDetached: ~
     createDefaultDiskLabeledNodes: ~
     defaultDataPath: ~
@@ -238,7 +238,7 @@ longhorn:
     #   certificate:
   
   # Configure a pod security policy in the Longhorn namespace to allow privileged pods
-  enablePSP: false
+  enablePSP: true
   
   ## Specify override namespace, specifically this is useful for using longhorn as sub-chart
   ## and its release namespace is not the `longhorn-system`

metallb-system/Chart.yaml

@@ -9,4 +9,5 @@ appVersion: "1.16.0"
 dependencies:
 - name: metallb
   repository: https://metallb.github.io/metallb
-  version: 0.14.5
+  version: 0.14.8
+

metallb-system/templates/config.yaml

@@ -4,13 +4,14 @@ metadata:
   name: cheap
 spec:
   addresses:
-    - 192.168.10.110-192.168.10.120
+    - 192.168.20.130-192.168.20.140
 ---
 apiVersion: metallb.io/v1beta1
 kind: L2Advertisement
 metadata:
-  name: pool
+  name: poop
   namespace: metallb-system
 spec:
   ipAddressPools:
   - cheap
+

metallb-system/values.yaml

@@ -194,3 +194,4 @@ metallb:
     validationFailurePolicy: Fail
   frrk8s:
     enabled: false
+

nfs-client/templates/provisioner.yml

@@ -34,9 +34,9 @@ spec:
             - name: NFS_SERVER
               value: 192.168.20.253
             - name: NFS_PATH
-              value: /mnt/user/k3s-dev 
+              value: /mnt/user/k3s 
       volumes:
         - name: nfs-client-ssd
           nfs:
             server: 192.168.20.253
-            path: /mnt/user/k3s-dev
+            path: /mnt/user/k3s

open-webui/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`open-webui.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`open-webui.durp.info`) && PathPrefix(`/`)
     kind: Rule
     services:
     - name: open-webui
@@ -25,9 +25,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "open-webui.dev.durp.info"
+  commonName: "open-webui.durp.info"
   dnsNames:
-  - "open-webui.dev.durp.info"  
+  - "open-webui.durp.info"  
 
 ---
 
@@ -36,7 +36,7 @@ apiVersion: v1
 metadata:
   name: open-webui-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: open-webui.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: open-webui.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info
+  externalName: durp.info

traefik/Chart.yaml

@@ -8,4 +8,4 @@ appVersion: 0.0.1
 dependencies:
 - name: traefik
   repository: https://traefik.github.io/charts
-  version: 22.1.0
+  version: 24.0.0

traefik/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`traefik.internal.dev.durp.info`)
+  - match: Host(`traefik.internal.durp.info`)
     middlewares:
     - name: authentik-proxy-provider
       namespace: traefik    
@@ -14,7 +14,7 @@ spec:
     services:
     - name: api@internal
       kind: TraefikService
-  - match: Host(`traefik.internal.dev.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
+  - match: Host(`traefik.internal.durp.info`) && PathPrefix(`/outpost.goauthentik.io`)
     kind: Rule
     services:
     - name: ak-outpost-authentik-embedded-outpost
@@ -34,6 +34,6 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "traefik.internal.dev.durp.info"
+  commonName: "traefik.internal.durp.info"
   dnsNames:
-  - "traefik.internal.dev.durp.info"
+  - "traefik.internal.durp.info"

traefik/templates/middleware-chain.yaml

@@ -1,8 +0,0 @@
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: internal-only
-spec:
-  chain:
-    middlewares:
-    - name: whitelist

traefik/templates/middlewares.yaml

@@ -26,20 +26,11 @@ apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
   name: whitelist
+  namespace: traefik
 spec:
   ipWhiteList:
     sourceRange:
-      - 192.168.0.0/16
+      - 192.168.20.1/32
       - 10.0.0.0/8
-
----
-
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: traefik-real-ip
-spec:
-  plugin:
-    traefik-real-ip:
-      excludednets:
-        - "1.1.1.1/24"
+      - 192.168.30.0/24
+      - 192.168.130.0/24

traefik/values.yaml

@@ -502,8 +502,6 @@ traefik:
     - "--log.level=DEBUG"
     - --experimental.plugins.jwt.moduleName=github.com/traefik-plugins/traefik-jwt-plugin
     - --experimental.plugins.jwt.version=v0.7.0
-    - --experimental.plugins.traefik-real-ip.moduleName=github.com/soulbalz/traefik-real-ip
-    - --experimental.plugins.traefik-real-ip.version=v1.0.3
 
 
   # Environment variables to be passed to Traefik's binary
@@ -580,10 +578,9 @@ traefik:
       redirectTo: websecure
       #
       # Trust forwarded  headers information (X-Forwarded-*).
-      forwardedHeaders:
-        trustedIPs: 
-          - "192.168.10.1"
-        insecure: false
+      # forwardedHeaders:
+      #   trustedIPs: []
+      #   insecure: false
       #
       # Enable the Proxy Protocol header parsing for the entry point
       # proxyProtocol:
@@ -611,10 +608,9 @@ traefik:
       # advertisedPort: 4443
       #
       ## Trust forwarded  headers information (X-Forwarded-*).
-      forwardedHeaders:
-        trustedIPs: 
-          - "192.168.10.1"
-        insecure: false
+      #forwardedHeaders:
+      #  trustedIPs: []
+      #  insecure: false
       #
       ## Enable the Proxy Protocol header parsing for the entry point
       #proxyProtocol:
@@ -734,22 +730,22 @@ traefik:
   ## Create HorizontalPodAutoscaler object.
   ##
   autoscaling:
-    enabled: false
-    minReplicas: 1
+    enabled: true
+    minReplicas: 3
     maxReplicas: 10
     metrics:
-    - type: Resource
-      resource:
-        name: cpu
-        target:
-          type: Utilization
-          averageUtilization: 60
     - type: Resource
       resource:
         name: memory
         target:
           type: Utilization
-          averageUtilization: 60
+          averageUtilization: 80
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 80
     behavior:
       scaleDown:
         stabilizationWindowSeconds: 300
@@ -823,13 +819,13 @@ traefik:
   # Additional serviceAccount annotations (e.g. for oidc authentication)
   serviceAccountAnnotations: {}
 
-  resources: {}
-    # requests:
-    #   cpu: "100m"
-    #   memory: "50Mi"
-    # limits:
-    #   cpu: "300m"
-    #   memory: "150Mi"
+  resources:
+    requests:
+      cpu: "100m"
+      memory: "128Mi"
+    limits:
+      cpu: "300m"
+      memory: "256Mi"
 
   # This example pod anti-affinity forces the scheduler to put traefik pods
   # on nodes where no other traefik pods are scheduled.

uptimekuma/templates/ingress.yaml

@@ -6,7 +6,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`kuma.dev.durp.info`) && PathPrefix(`/`)
+  - match: Host(`kuma.durp.info`) && PathPrefix(`/`)
     middlewares:
     - name: authentik-proxy-provider
       namespace: traefik    
@@ -28,9 +28,9 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "kuma.dev.durp.info"
+  commonName: "kuma.durp.info"
   dnsNames:
-  - "kuma.dev.durp.info"  
+  - "kuma.durp.info"  
 
 ---
 
@@ -39,7 +39,7 @@ apiVersion: v1
 metadata:
   name: heimdall-external-dns
   annotations:
-    external-dns.alpha.kubernetes.io/hostname: kuma.dev.durp.info
+    external-dns.alpha.kubernetes.io/hostname: kuma.durp.info
 spec:
   type: ExternalName
-  externalName: dev.durp.info
+  externalName: durp.info

vault/templates/ingress.yaml

@@ -8,7 +8,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`vault.internal.dev.durp.info`)
+  - match: Host(`vault.internal.durp.info`)
     middlewares:
     - name: whitelist
       namespace: traefik  
@@ -31,7 +31,7 @@ spec:
   issuerRef:
     name: letsencrypt-production
     kind: ClusterIssuer
-  commonName: "vault.internal.dev.durp.info"
+  commonName: "vault.internal.durp.info"
   dnsNames:
-  - "vault.internal.dev.durp.info"  
+  - "vault.internal.durp.info"  
 

vault/values.yaml

@@ -14,7 +14,7 @@ vault:
   injector:
     enabled: "-"
 
-    replicas: 2
+    replicas: 3
     leaderElector:
       enabled: true
 
@@ -39,14 +39,13 @@ vault:
     ha:
       enabled: false
       replicas: 3
-    resources: {}
-    # resources:
-    #   requests:
-    #     memory: 256Mi
-    #     cpu: 250m
-    #   limits:
-    #     memory: 256Mi
-    #     cpu: 250m
+    resources:
+      requests:
+        memory: 256Mi
+        cpu: 250m
+      limits:
+        memory: 256Mi
+        cpu: 250m
 
     dataStorage:
       enabled: true