Feat/add headlamp (#2396)

* feat add headlamp

* feat: add pihole exporter

* feat. add actual budget

* feat: add searxng

* feat: add vikunja

* fix: emqx

* chore: storage emqx

* chore: remove trivy operator for now

* chore: stuff

* chore: stuff

.github/workflows/flux-diff.yaml

@@ -36,6 +36,7 @@ jobs:
         uses: tj-actions/changed-files@v45
         with:
           files: kubernetes/**
+          files_ignore: kubernetes/shared/**
           dir_names: true
           dir_names_max_depth: 2
           matrix: true

.github/workflows/flux-image-test.yaml

@@ -35,6 +35,7 @@ jobs:
         uses: tj-actions/changed-files@v45
         with:
           files: kubernetes/**
+          files_ignore: kubernetes/shared/**
           dir_names: true
           dir_names_max_depth: 2
           matrix: true

kubernetes/main/apps/observability/exporters/pihole/helmrelease.yaml

@@ -9,7 +9,7 @@ spec:
   chart:
     spec:
       chart: app-template
-      version: 3.4.0
+      version: 3.5.1
       sourceRef:
         kind: HelmRepository
         name: bjw-s

kubernetes/main/apps/observability/exporters/pihole/kustomization.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./externalsecret.yaml
+  - ./helmrelease.yaml

kubernetes/main/apps/observability/headlamp/app/helmrelease.yaml

@@ -0,0 +1,67 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: headlamp
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: headlamp
+      version: 0.26.0
+      sourceRef:
+        kind: HelmRepository
+        name: headlamp
+        namespace: flux-system
+  driftDetection:
+    mode: enabled
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      strategy: rollback
+      retries: 3
+  values:
+    fullnameOverride: headlamp
+    initContainers:
+      - image: ghcr.io/headlamp-k8s/headlamp-plugin-flux:v0.1.0-beta-1@sha256:5274c581d69b36af6899dfccfc73adeda414e0ae6046f009db8ed3c4271c6add
+        command:
+          - /bin/sh
+          - -c
+          - mkdir -p /build/plugins && cp -r /plugins/* /build/plugins/
+        name: headlamp-plugins
+        volumeMounts:
+          - mountPath: /build/plugins
+            name: headlamp-plugins
+    config:
+      oidc:
+        secret:
+          create: false
+        externalSecret:
+          enabled: true
+          name: headlamp-oidc
+      pluginsDir: /build/plugins
+    podAnnotations:
+      reloader.stakater.com/auto: "true"
+    volumeMounts:
+      - mountPath: /build/plugins
+        name: headlamp-plugins
+    volumes:
+      - name: headlamp-plugins
+        persistentVolumeClaim:
+          claimName: headlamp
+    ingress:
+      enabled: true
+      ingressClassName: internal
+      hosts:
+        - host: headlamp.rafaribe.com
+          paths:
+            - path: /
+              type: Prefix
+              backend:
+                service:
+                  name: headlamp
+                  port:
+                    number: 80

kubernetes/main/apps/observability/headlamp/app/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: observability
+resources:
+  - ./helmrelease.yaml
+  - ../../../../../shared/templates/volsync
+  - ../../../../../shared/templates/gatus/guarded

kubernetes/main/apps/observability/headlamp/ks.yaml

@@ -0,0 +1,20 @@
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/kustomize.toolkit.fluxcd.io/kustomization_v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &app headlamp
+  namespace: flux-system
+spec:
+  targetNamespace: observability
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *app
+  path: ./kubernetes/main/apps/observability/headlamp/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  wait: false
+  interval: 30m
+  retryInterval: 1m
+  timeout: 5m

kubernetes/main/apps/observability/kustomization.yaml

@@ -7,8 +7,10 @@ resources:
   # Flux-Kustomizations
   - ./alertmanager-discord/ks.yaml
   - ./alertmanager/ks.yaml
+  - ./exporters/ks.yaml
   - ./gatus/ks.yaml
   - ./grafana/ks.yaml
+  #- ./headlamp/ks.yaml
   - ./karma/ks.yaml
   - ./kepler/ks.yaml
   - ./kromgo/ks.yaml

kubernetes/main/apps/security/kustomization.yaml

@@ -8,5 +8,5 @@ resources:
   # Flux-Kustomizations
   - ./authelia/ks.yaml
   - ./glauth/ks.yaml
-  - ./trivy-operator/ks.yaml
+  # - ./trivy-operator/ks.yaml
   - ./tetragon/ks.yaml

kubernetes/main/apps/services/actual/app/helmrelease.yaml

@@ -0,0 +1,86 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/main/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: actual
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: app-template
+      version: 3.5.1
+      interval: 30m
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-s
+        namespace: flux-system
+
+  values:
+    controllers:
+      actual:
+        annotations:
+          reloader.stakater.com/auto: "true"
+
+        pod:
+          securityContext:
+            runAsUser: 1000
+            runAsGroup: 1000
+            fsGroup: 1000
+            fsGroupChangePolicy: "OnRootMismatch"
+
+        containers:
+          app:
+            image:
+              repository: ghcr.io/actualbudget/actual-server
+              tag: 24.11.0
+            env:
+              ACTUAL_PORT: &httpPort 5006
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+                custom: true
+                spec:
+                  httpGet:
+                    path: /
+                    port: *httpPort
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+            resources:
+              requests:
+                cpu: 12m
+                memory: 128M
+              limits:
+                memory: 512M
+
+    service:
+      app:
+        controller: actual
+        ports:
+          http:
+            port: *httpPort
+
+    ingress:
+      app:
+        className: "internal"
+        annotations:
+          external-dns.alpha.kubernetes.io/target: internal.rafaribe.com
+        hosts:
+          - host: actual.rafaribe.com
+            paths:
+              - path: /
+                service:
+                  identifier: app
+                  port: http
+
+    persistence:
+      data:
+        existingClaim: actual-data
+        advancedMounts:
+          actual:
+            app:
+              - path: /data

kubernetes/main/apps/services/actual/app/kustomization.yaml

@@ -0,0 +1,8 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ./helmrelease.yaml
+  - ../../../../../shared/templates/gatus/guarded
+  - ../../../../../shared/templates/volsync

kubernetes/main/apps/services/actual/ks.yaml

@@ -0,0 +1,28 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/fluxcd-community/flux2-schemas/main/kustomization-kustomize-v1.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+  name: &appname actual
+  namespace: flux-system
+spec:
+  targetNamespace: services
+  commonMetadata:
+    labels:
+      app.kubernetes.io/name: *appname
+  interval: 30m
+  timeout: 5m
+  path: "./kubernetes/main/apps/services/actual/app"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops
+  wait: false
+  dependsOn:
+    - name: rook-ceph-cluster
+    - name: volsync
+    - name: external-secrets-stores
+  postBuild:
+    substitute:
+      APP: *appname
+      VOLSYNC_CLAIM: actual-data

kubernetes/main/apps/services/kustomization.yaml

@@ -6,6 +6,7 @@ resources:
   # Pre Flux-Kustomizations
   - ./namespace.yaml
   # Flux-Kustomizations
+  - ./actual/ks.yaml
   - ./atuin/ks.yaml
   - ./cyberchef/ks.yaml
   - ./ferdium/ks.yaml
@@ -18,7 +19,9 @@ resources:
   - ./mealie/ks.yaml
   - ./netboot/ks.yaml
   - ./paperless/ks.yaml
+  - ./searxng/ks.yaml
   - ./smtp-relay/ks.yaml
   - ./tandoor/ks.yaml
   - ./thelounge/ks.yaml
   - ./radicale/ks.yaml
+  - ./vikunja/ks.yaml

kubernetes/main/apps/services/searxng/app/externalsecret.yaml

@@ -0,0 +1,21 @@
+---
+# yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/external-secrets.io/externalsecret_v1beta1.json
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: &app searxng
+spec:
+  refreshInterval: 5m
+  secretStoreRef:
+    kind: ClusterSecretStore
+    name: akeyless-secret-store
+  target:
+    name: *app
+    creationPolicy: Owner
+    template:
+      engineVersion: v2
+      data:
+        SEARXNG_SECRET: "{{ .SEARXNG_SECRET_KEY }}"
+  dataFrom:
+    - extract:
+        key: /searxng