feat: update authentik chart to 2024.2

k8s/argo-apps/authentik.yaml

@@ -11,7 +11,7 @@ spec:
   sources:
     - chart: authentik
       repoURL: https://charts.goauthentik.io/
-      targetRevision: 2023.10.*
+      targetRevision: 2024.2.*
       helm:
         valuesObject:
           authentik:
@@ -26,7 +26,8 @@ spec:
                 timeout: 30
                 from: auth@fukurokuju.dev
               postgresql:
-                host: 192.168.1.13
+                host: 192.168.1.3
+                port: 55432
                 name: auth
                 user: file:///authentik-creds/pg_username
                 password: file:///authentik-creds/pg_password
@@ -34,49 +35,55 @@ spec:
                 host: 192.168.1.3
                 port: 30036
                 password: file:///authentik-creds/redis_password
-          volumeMounts:
+              error_reporting:
-            - name: authentik-creds
+                enabled: true
-              mountPath: /authentik-creds
+          global:
-            - name: media
+            volumeMounts:
-              mountPath: /media
+              - name: authentik-creds
-          volumes:
+                mountPath: /authentik-creds
-            - name: authentik-creds
+              - name: media
-              secret:
+                mountPath: /media
-                secretName: secrets-authentik
+            volumes:
-            - name: media
+              - name: authentik-creds
-              persistentVolumeClaim:
+                secret:
-                claimName: pvc-authentik-media
+                  secretName: secrets-authentik
-          autoscaling:
+              - name: media
-            server:
+                persistentVolumeClaim:
+                  claimName: pvc-authentik-media
+          server:
+            autoscaling:
               enabled: true
-              maxScaling: 3
+              minReplicas: 1
-            worker:
+              maxReplicas: 3
+            pdb:
               enabled: true
-          pdb:
+              minAvailable: 1
-            server:
+            service:
+              type: LoadBalancer
+              servicePortHttp: 9000
+              servicePortHttps: 9443
+            metrics:
               enabled: true
-              maxUnavailable: 2
+              service:
-            worker:
+                type: LoadBalancer
-              enabled:
+              serviceMonitor:
-                maxUnavailable: 4
+                enabled: true
-          service:
+            ingress:
-            type: LoadBalancer
+              enabled: true
-            port: 9000
+              ingressClassName: traefik
-            name: http
+              hosts:
-          ingress:
+                - auth.fukurokuju.dev
-            enabled: true
+              tls: []
-            ingressClassName: traefik
+              https: true
-            hosts:
+          worker:
-              - host: auth.fukurokuju.dev
+            autoscaling:
-                paths:
+              enabled: true
-                  - path: "/"
+              minReplicas: 2
-                    pathType: Prefix
+              maxReplicas: 6
-                    backend:
+            pdb:
-                      service:
+              enabled: true
-                        name: http
+              minAvailable: 2
-                        port:
+
-                          number: 9000
-                tls: []
     - repoURL: https://git.roboces.dev/catalin/fukuops.git
       path: k8s/services/authentik
       targetRevision: main

k8s/argo-apps/loki.yaml

@@ -68,28 +68,32 @@ spec:
                 enabled: true
             extraScrapeConfigs: |
               - job_name: 'argocd-metrics'
-                static_configs: 
+                static_configs:
                   - targets: ["argocd-metrics.argocd:8082"]
-              
+
               - job_name: 'argocd-server-metrics'
-                static_configs: 
+                static_configs:
                   - targets: ["argocd-server-metrics.argocd:8083"]
-              
+
               - job_name: 'argocd-repo-server-metrics'
-                static_configs: 
+                static_configs:
                   - targets: ["argocd-server.argocd:8084"]
-              
+
               - job_name: 'argocd-applicationset-controller-metrics'
-                static_configs: 
+                static_configs:
                   - targets: ["argocd-applicationset-controller-metrics.argocd:8080"]
-              
+
               - job_name: 'argocd-dex-server'
                 static_configs:
                   - targets: ["argocd-dex-server.argocd:5558"]
-              
+
               - job_name: 'argocd-notifications-controller-metrics'
-                static_configs: 
+                static_configs:
                   - targets: ["argocd-notifications-controller-metrics.argocd:9001"]
+              
+              - job_name: 'miniflux'
+                static_configs:
+                  - targets: ["miniflux-service.apps-roboces:8888"]
             alertmanager:
               persistence:
                 enabled: true

k8s/services/argo/project-fuku.yaml

@@ -21,4 +21,4 @@ spec:
     - https://kubereboot.github.io/charts
     - https://sqljames.github.io/factorio-server-charts/
     - https://portainer.github.io/k8s/
-    - https://charts.bitnami.com/bitnami
+    - https://charts.bitnami.com/bitnami

k8s/services/argo/project-management.yaml

@@ -26,3 +26,4 @@ spec:
     - https://grafana.github.io/helm-charts
     - https://kubernetes-sigs.github.io/descheduler/
     - https://github.com/rancher/system-upgrade-controller.git
+    - https://charts.bitnami.com/bitnami

k8s/services/miniflux/deployment.yaml

@@ -90,5 +90,7 @@ spec:
               value: "25"
             - name: METRICS_COLLECTOR
               value: "1"
+            - name: METRICS_ALLOWED_NETWORKS
+              value: 10.42.1.0/16
       restartPolicy: Always
-      automountServiceAccountToken: false
+      automountServiceAccountToken: false

k8s/services/miniflux/ingressroute.yaml

@@ -29,4 +29,4 @@ spec:
       match: Host(`feeds.fuku`)
       services:
         - name: miniflux-service
-          port: 8888
+          port: 8888

tofu/adguard/main.tf

@@ -86,17 +86,3 @@ resource "adguard_rewrite" "feeds_local_3" {
   answer = "192.168.1.33"
 }
 
-resource "adguard_rewrite" "feeds_local_1" {
-  domain = "feeds.fuku"
-  answer = "192.168.1.31"
-}
-
-resource "adguard_rewrite" "feeds_local_2" {
-  domain = "feeds.fuku"
-  answer = "192.168.1.32"
-}
-
-resource "adguard_rewrite" "feeds_local_3" {
-  domain = "feeds.fuku"
-  answer = "192.168.1.33"
-}

tofu/proxmox/main.tf

@@ -17,14 +17,14 @@ provider "proxmox" {
 }
 
 module "master1" {
-  source     = "../modules/proxmox-vm"
+  source            = "../modules/proxmox-vm"
-  vm_id      = 3001
+  vm_id             = 3001
-  vm_name    = "master1.ramiel.fuku"
+  vm_name           = "master1.ramiel.fuku"
-  node_name  = "ramiel"
+  node_name         = "ramiel"
-  ipconfig0  = "ip=192.168.1.31/24,gw=192.168.1.1"
+  ipconfig0         = "ip=192.168.1.31/24,gw=192.168.1.1"
-  memory     = 5120
+  memory            = 5120
   disk_storage_name = "storage"
-  core_count = 2
+  core_count        = 2
 }
 
 module "master2" {