polynom.me/infra-charts
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: polynom.me:19efca2c1fc193f438a098756ed052eb1ea72098
Branches Tags
polynom.me:master
...
compare: polynom.me:master
Branches Tags
polynom.me:master

4 Commits
19efca2c1f ... master

Author SHA1 Message Date
Alexander "PapaTutuWawa
80e760f107 page-metrics-exporter: Add Chart? 2025-11-04 00:34:25 +01:00
Alexander "PapaTutuWawa
d4e0c67b6d rio: Bump Chart 2025-11-03 23:33:15 +01:00
Alexander "PapaTutuWawa
71267cd44d rio,page-metrics-exporter: Add Charts 2025-11-03 23:32:48 +01:00
Alexander "PapaTutuWawa
4295a76da3 grafana: Add Chart 2025-11-01 20:39:59 +01:00
21 changed files with 508 additions and 0 deletions
Expand all files Collapse all files

23
grafana/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
grafana/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2025-11-01T17:06:01.710190989+01:00"

11
grafana/Chart.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v2
name: grafana
description: A Helm chart for Grafana
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- name: common
version: 0.1.0
repository: "file://../common"

118
grafana/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,118 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: grafana
labels: {{- include "common.app.labels" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "common.app.labels" . | nindent 6 }}
template:
metadata:
labels: {{- include "common.app.labels" . | nindent 8 }}
{{- range $label, $value := default .Values.deployment.podLabels dict }}
{{ $label }}: {{ $value | quote }}
{{- end }}
spec:
containers:
- name: grafana
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
env:
- name: GF_ANALYTICS_ENABLED
value: "false"
- name: GF_ANALYTICS_REPORTING_ENABLED
value: "false"
- name: GF_ANALYTICS_CHECK_FOR_UPDATES
value: "false"
- name: GF_USERS_ALLOW_SIGN_UP
value: "{{ default .Values.config.allowSignup false }}"
- name: GF_SECURITY_DISABLE_GRAVATAR
value: "true"
- name: GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION
value: "true"
- name: GF_SERVER_ROOT_URL
value: "{{ .Values.config.externalProtocol }}://{{ .Values.config.domain }}"
- name: GF_SERVER_PROTOCOL
value: {{ .Values.config.protocol }}
- name: GF_SERVER_HTTP_ADDR
value: 0.0.0.0
- name: GF_SERVER_HTTP_PORT
value: "3000"
- name: GF_SERVER_DOMAIN
value: {{ .Values.config.domain }}
{{- if .Values.config.database.enabled }}
- name: GF_DATABASE_USER
value: {{ .Values.config.database.user }}
- name: GF_DATABASE_TYPE
value: {{ .Values.config.database.type }}
- name: GF_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
key: {{ .Values.config.database.passwordRef.key }}
name: {{ .Values.config.database.passwordRef.secretName }}
- name: GF_DATABASE_NAME
value: {{ .Values.config.database.database }}
- name: GF_DATABASE_HOST
value: {{ .Values.config.database.host }}
{{- end }}
{{- if default .Values.config.oauth.enabled false }}
- name: GF_AUTH_GENERIC_OAUTH_ENABLED
value: "true"
- name: GF_AUTH_GENERIC_OAUTH_NAME
value: {{ .Values.config.oauth.name | quote }}
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_ID
value: {{ .Values.config.oauth.clientId }}
- name: GF_AUTH_GENERIC_OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: {{ .Values.config.oauth.clientSecretRef.key }}
name: {{ .Values.config.oauth.clientSecretRef.secretName }}
- name: GF_AUTH_GENERIC_OAUTH_SCOPES
value: openid email profile
- name: GF_AUTH_GENERIC_OAUTH_AUTH_URL
value: {{ .Values.config.oauth.authUrl }}
- name: GF_AUTH_GENERIC_OAUTH_TOKEN_URL
value: {{ .Values.config.oauth.tokenUrl }}
- name: GF_AUTH_GENERIC_OAUTH_API_URL
value: {{ .Values.config.oauth.apiUrl }}
- name: GF_AUTH_SIGNOUT_REDIRECT_URL
value: {{ .Values.config.oauth.signoutRedirectUrl }}
- name: GF_AUTH_OAUTH_AUTO_LOGIN
value: {{ .Values.config.oauth.autoLogin | quote }}
- name: GF_AUTH_GENERIC_OAUTH_ROLE_ATTRIBUTE_PATH
value: {{ .Values.config.oauth.roleAttributePath }}
- name: GF_AUTH_GENERIC_OAUTH_ALLOW_ASSIGN_GRAFANA_ADMIN
value: {{ .Values.config.oauth.allowAssignAdmin | quote }}
{{- end }}
volumeMounts:
- mountPath: /var/lib/grafana
name: data
ports:
- containerPort: 3000
name: http
protocol: TCP
readinessProbe:
httpGet:
port: 3000
path: /api/health
livenessProbe:
httpGet:
port: 3000
path: /api/health
initialDelaySeconds: 60
timeoutSeconds: 30
failureThreshold: 10
securityContext:
runAsNonRoot: true
runAsUser: 10001
runAsGroup: 10001
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
automountServiceAccountToken: false
volumes:
- name: data
persistentVolumeClaim:
claimName: grafana

8
grafana/templates/extra.yaml Normal file
View File

@@ -0,0 +1,8 @@
{{ range .Values.extraObjects }}
---
{{- if typeIs "string" . }}
{{ tpl . $ }}
{{ else }}
{{ tpl (. | toYaml) $ }}
{{- end }}
{{ end }}

13
grafana/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: grafana
labels: {{- include "common.app.labels" . | nindent 4 }}
spec:
storageClassName: {{ .Values.pvc.storageClass }}
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 500Mi

13
grafana/templates/service.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: grafana
labels: {{- include "common.app.labels" . | nindent 4 }}
spec:
selector: {{- include "common.app.labels" . | nindent 4 }}
type: ClusterIP
ports:
- port: 3000
protocol: TCP
name: http

45
grafana/values.yaml Normal file
View File

@@ -0,0 +1,45 @@
image: "grafana/grafana-oss"
imageTag: "11.3.4"
config:
# Allow user registration
allowSignup: false
# Protocol Grafana is served as
protocol: http
# Protocol that Grafana is externally visible under
externalProtocol: https
# Domain under which Grafana will be accessible
domain: example.org
database:
enabled: true
type: postgres
user: grafana
passwordRef:
secretName: grafana
key: database-password
host: db.example.org
database: grafana
oauth:
enabled: false
name: example login
clientId: <...>
clientSecretRef:
secretName: grafana
key: client-secret
authUrl: <...>
tokenUrl: <...>
apiUrl: <...>
signoutRedirectUrl: <...>
autoLogin: true
allowAssignAdmin: true
roleAttributePath: ""
extraObjects: []
deployment:
# Extra labels
podLabels: {}
pvc:
storageClass: local-storage

23
page-metrics-exporter/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
page-metrics-exporter/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2025-11-03T23:07:59.058930685+01:00"

11
page-metrics-exporter/Chart.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v2
name: page-metrics-exporter
description: A Helm chart for page-metrics-exporter
type: application
version: 0.1.0
appVersion: "1.16.0"
dependencies:
- name: common
version: 0.1.0
repository: file://../common

44
page-metrics-exporter/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,44 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: page-metrics-exporter
labels: {{- include "common.app.labels" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "common.app.labels" . | nindent 6 }}
template:
metadata:
annotations:
prometheus.io/scrape: "true"
prometheus.io/port: "8080"
labels: {{- include "common.app.labels" . | nindent 8 }}
spec:
containers:
- name: page-metrics-exporter
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
args:
- --host
- 0.0.0.0
- --port
- "8080"
ports:
- containerPort: 8080
protocol: TCP
name: metrics
readinessProbe:
httpGet:
port: 8080
path: /metrics
livenessProbe:
httpGet:
port: 8080
path: /metrics
securityContext:
runAsNonRoot: true
runAsUser: 10005
runAsGroup: 10005
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL

13
page-metrics-exporter/templates/service.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: Service
metadata:
name: page-metrics-exporter
labels: {{- include "common.app.labels" . | nindent 4 }}
spec:
selector: {{- include "common.app.labels" . | nindent 4 }}
ports:
- port: 8080
protocol: TCP
name: metrics
type: ClusterIP

2
page-metrics-exporter/values.yaml Normal file
View File

@@ -0,0 +1,2 @@
image: git.polynom.me/polynom.me/page-metrics
imageTag: latest

23
rio/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

6
rio/Chart.lock Normal file
View File

@@ -0,0 +1,6 @@
dependencies:
- name: common
repository: file://../common
version: 0.1.0
digest: sha256:636a65e9846bdff17cc4e65b0849061f783759a37aa51fb85ff6fd8ba5e68467
generated: "2025-11-03T22:42:18.664343287+01:00"

11
rio/Chart.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v2
name: rio
description: A Helm chart for rio
type: application
version: 0.1.1
appVersion: "1.16.0"
dependencies:
- name: common
version: 0.1.0
repository: file://../common

73
rio/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,73 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: rio
labels: {{- include "common.app.labels" . | nindent 4 }}
spec:
selector:
matchLabels: {{- include "common.app.labels" . | nindent 6 }}
template:
metadata:
labels: {{- include "common.app.labels" . | nindent 8 }}
spec:
containers:
- name: rio
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
env:
- name: PAGES_DOMAIN
value: {{ .Values.config.domain }}
- name: GITEA_URL
value: {{ .Values.config.giteaUrl | quote }}
- name: HOST
value: "0.0.0.0"
- name: PORT
value: "4443"
- name: HTTP_HOST
value: "0.0.0.0"
- name: HTTP_PORT
value: "8080"
- name: ACME_DNS_PROVIDER
value: {{ .Values.config.acme.dnsProvider }}
{{- .Values.config.acme.env | toYaml | nindent 12 }}
- name: TOKEN_FILE
value: /etc/rio/secrets/gitea-token
- name: ACME_EMAIL
value: {{ .Values.config.acme.email }}
- name: CERTS_FILE
value: /var/lib/rio/certs.json
- name: ACME_FILE
value: /var/lib/rio/acme.json
- name: ACME_SERVER
value: {{ .Values.config.acme.server }}
{{- if .Values.config.metrics.enabled }}
- name: METRICS_URL
value: {{ .Values.config.metrics.url }}
{{- end }}
ports:
- containerPort: 8080
protocol: TCP
name: http
- containerPort: 4443
protocol: TCP
name: https
securityContext:
runAsNonRoot: true
runAsUser: 10004
runAsGroup: 10004
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /etc/rio/secrets/
name: secrets
- mountPath: /var/lib/rio/
name: data
volumes:
- name: secrets
secret:
secretName: {{ .Values.config.secretName }}
- name: data
persistentVolumeClaim:
claimName: rio-data

13
rio/templates/pvc.yaml Normal file
View File

@@ -0,0 +1,13 @@
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: rio-data
labels: {{- include "common.app.labels" . | nindent 4 }}
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 4Mi
storageClassName: {{ .Values.pvc.storageClass }}

16
rio/templates/service.yaml Normal file
View File

@@ -0,0 +1,16 @@
---
apiVersion: v1
kind: Service
metadata:
name: rio
labels: {{- include "common.app.labels" . | nindent 4 }}
spec:
selector: {{- include "common.app.labels" . | nindent 4 }}
ports:
- port: 8080
name: http
protocol: TCP
- port: 4443
name: https
protocol: TCP
type: ClusterIP

30
rio/values.yaml Normal file
View File

@@ -0,0 +1,30 @@
image: git.polynom.me/papatutuwawa/rio
imageTag: "20240721-1"
config:
# Secret to mount under /etc/rio/secrets/
secretName: rio
# Domain to serve the domains under
domain: example.org
# URL of the Gitea instance to serve from
giteaUrl: https://gitea.example.org
# DNS provider to use
acme:
# The DNS provider to use
dnsProvider: example
# Extra environment variabls to use for that provider
env: []
# The EMail to use to register with the ACME provider
email: user@example.org
# The ACME server to use
server: https://acme-staging-v02.api.letsencrypt.org/directory
metrics:
# Send metrics to a collection server
enabled: false
# URL of the collection server
url: ...
pvc:
# Storage class to use for the data PVC
storageClass: local-path