feat: add pulse

2026-01-28 12:37:28 +01:00 · 2026-01-28 12:37:28 +01:00 · aa05c20e2d
commit aa05c20e2d
parent 7a4f608d2e
9 changed files with 195 additions and 46 deletions
--- a/k8s/argo-apps/factorio.yaml
+++ b/k8s/argo-apps/factorio.yaml
@ -1,45 +0,0 @@
---
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-    name: factorio
-    namespace: argocd
-spec:
-    destination:
-        name: ''
-        namespace: apps-fuku
-        server: https://kubernetes.default.svc
-    sources:
-        - chart: factorio-server-charts
-          repoURL: https://sqljames.github.io/factorio-server-charts/
-          targetRevision: 2.5.*
-          helm:
-              valuesObject:
-                  rcon:
-                      passwordSecret: secrets-factorio
-                  nodeSelector:
-                      kubernetes.io/hostname: agent1
-                  image:
-                      tag: latest
-                  factorioServer:
-                      save_name: fukurokuju-space
-                  admin_list:
-                      - Phireh
-                  account:
-                      accountSecret: secrets-factorio
-                  server_settings:
-                      name: factorio-fukurokuju
-                      visibility:
-                          public: false
-                      require_user_verification: false
-                  persistence:
-                      storageClassName: truenas-nfs-csi
-                  serverPassword:
-                      passwordSecret: secrets-factorio
-
-        - repoURL: https://git.roboces.dev/catalin/fukuops.git
-          path: k8s/services/factorio
-          targetRevision: main
-    project: fuku
-    syncPolicy:
-        automated: {}
--- a/k8s/argo-apps/pulse.yaml
+++ b/k8s/argo-apps/pulse.yaml
@ -0,0 +1,43 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: pulse
+  namespace: argocd
+spec:
+  destination:
+    name: ''
+    namespace: apps-fuku
+    server: https://kubernetes.default.svc
+  project: fuku
+  syncPolicy:
+    automated: {}
+  sources:
+    - repoURL: https://rcourtman.github.io/Pulse
+      chart: pulse
+      targetRevision: v5.0.*
+      helm:
+        valuesObject:
+          persistence:
+            enabled: true
+            size: 10Gi
+            storageClass: truenas-nfs-csi
+            accessModes:
+              - ReadWriteMany
+          service:
+            type: LoadBalancer
+          ingress:
+            enabled: true
+            hosts:
+              - host: pulse.fukurokuju.dev
+                paths:
+                  - path: /
+                    pathType: Prefix
+            tls: []
+          monitoring:
+            serviceMonitor:
+              enabled: true
+
+    - path: k8s/services/pulse
+      repoURL: https://git.roboces.dev/catalin/fukuops.git
+      targetRevision: main
--- a/k8s/services/argo/project-fuku.yaml
+++ b/k8s/services/argo/project-fuku.yaml
@ -32,3 +32,4 @@ spec:
        - registry-1.docker.io/cloudpirates
        - https://vmware-tanzu.github.io/helm-charts/
        - https://helm.runix.net
+        - https://rcourtman.github.io/Pulse
--- a/k8s/services/pulse/ds.yaml
+++ b/k8s/services/pulse/ds.yaml
@ -0,0 +1,105 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pulse-agent
+  namespace: apps-fuku
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: pulse-agent-read
+rules:
+  - apiGroups: [""]
+    resources: ["nodes", "pods"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: pulse-agent-read
+subjects:
+  - kind: ServiceAccount
+    name: pulse-agent
+    namespace: apps-fuku
+roleRef:
+  kind: ClusterRole
+  name: pulse-agent-read
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: pulse-agent
+  namespace: apps-fuku
+spec:
+  selector:
+    matchLabels:
+      app: pulse-agent
+  template:
+    metadata:
+      labels:
+        app: pulse-agent
+    spec:
+      serviceAccountName: pulse-agent
+      containers:
+        - name: pulse-agent
+          image: rcourtman/pulse:v5.0.17
+          command: ["/opt/pulse/bin/pulse-agent-linux-amd64"]
+          args:
+            - --enable-kubernetes
+          env:
+            - name: PULSE_URL
+              value: "https://pulse.fukurokuju.dev"
+            - name: PULSE_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: pulse-agent-secrets
+                  key: PULSE_TOKEN
+            - name: PULSE_AGENT_ID
+              value: "k8s-cluster"
+            - name: PULSE_ENABLE_HOST
+              value: "true"
+            - name: HOST_PROC
+              value: "/host/proc"
+            - name: HOST_SYS
+              value: "/host/sys"
+            - name: HOST_ETC
+              value: "/host/etc"
+            - name: PULSE_KUBE_INCLUDE_ALL_PODS
+              value: "true"
+            - name: PULSE_KUBE_INCLUDE_ALL_DEPLOYMENTS
+              value: "true"
+          securityContext:
+            privileged: true
+          resources:
+            requests:
+              cpu: 50m
+              memory: 128Mi
+            limits:
+              memory: 512Mi
+          volumeMounts:
+            - name: host-proc
+              mountPath: /host/proc
+              readOnly: true
+            - name: host-sys
+              mountPath: /host/sys
+              readOnly: true
+            - name: host-root
+              mountPath: /host/root
+              readOnly: true
+      volumes:
+        - name: host-proc
+          hostPath:
+            path: /proc
+        - name: host-sys
+          hostPath:
+            path: /sys
+        - name: host-root
+          hostPath:
+            path: /
+      tolerations:
+        - operator: Exists
--- a/k8s/services/pulse/sealedsecrets.yaml
+++ b/k8s/services/pulse/sealedsecrets.yaml
@ -0,0 +1,17 @@
+# yamllint disable rule:line-length
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: pulse-agent-secrets
+  namespace: apps-fuku
+spec:
+  encryptedData:
+    PULSE_TOKEN: AgBBxrJ80IpJ0RvYKQuN6p3G8vIdSL9nESO9OTAR0NiMjSGZNbNEELKE/a1f2ixQUSsNc/k31c+7GlAi+8PmNC4c7rmRJTe+z3uO/BNNLYeTi7DsEk9/oJZTWn7iOcLogiZJQKxbGozCp/S8zrWisH67N2ZHmzz5UEJAzq57+fBEyAk22/WR0QMfW3oOYHGZFNR5AdAxrdfyRwTvSEOz4R2YlrQKRtOFVIPG/aEaAn42AGYfrq2cLVEiCygjE+8nZQ62TMmQqMiwiCjk5do9uRhhiRimuD78FrNnFU5dSwe/11ji5sSrEPjszPB8O0TBbsCssxfz48cKRm/6IdI9B5pKHYob68Ed8u5UgpRU/ZhUWJLyXuZF/Tgw+WcIsVkQXb3eqQTARBeZueugnA23lnzxh5gjR17wjPw7ePYaLiUWTYikOK5HvgpJyiuB0ev2cjGSqYeeAAn5ewCGM/NODXUAlFdC+N9S7ft1+chJrHoaXgHy8J9LWm/maKW99+yT08a68RvGGoZtFPZNlFjzurNF6EY9SLUFf0RLzShkyq6uuOzLm8gENyDIQ+Ru7wWEwyEcUz4ceAR5I78k0gCIDR1o4Ti22asdbRjMptZdOTbep+PWmu2K1oUvxXtXwgKkn8pvTkJpcdejqehnYPWfRAI3Guxi7LQDf++yShKS1NdXMdjhtFoNLa03xHM/G94sF3/mnJwivNhur1V7iC1yCY5NlruPr4KCd5AgOnKqoreRRvRbCVlFO1mtP6XV4sjqEIhmZyXWFJ76bwAC+hxSlFzL
+  template:
+    metadata:
+      creationTimestamp: null
+      name: pulse-agent-secrets
+      namespace: apps-fuku
+    type: Opaque
--- a/tofu/adguard/main.tf
+++ b/tofu/adguard/main.tf
@ -85,8 +85,12 @@ resource "adguard_rewrite" "master2" {
  answer = "192.168.1.32"
 }

-
 resource "adguard_rewrite" "k3m3" {
  domain = "k3m3.fuku"
  answer = "192.168.1.43"
 }
+
+resource "adguard_rewrite" "pulse" {
+  answer = "pulse.fukurokuju.dev"
+  domain = "192.168.1.12"
+}
--- a/tofu/authentik/main.tf
+++ b/tofu/authentik/main.tf
@ -260,3 +260,15 @@ module "jellyseerr" {
  app_description     = "Solicita series, animes y pelis para ser añadidas automáticamente a Jellyfin"
  app_access_group_id = authentik_group.arrs.id
 }
+
+module "pulse" {
+  source              = "../modules/authentik-oidc"
+  app_name            = "Pulse"
+  app_slug            = "pulse"
+  app_url             = "https://pulse.fukurokuju.dev"
+  client_id           = var.pulse_client_id
+  client_secret       = var.pulse_client_secret
+  app_icon            = "https://pulse.fukurokuju.dev/logo.svg"
+  redirect_uris       = [{ matching_mode = "strict", url = "https://pulse.fukurokuju.dev/api/oidc/callback" }]
+  app_access_group_id = authentik_group.admins.id
+}
--- a/tofu/authentik/sample.env
+++ b/tofu/authentik/sample.env
@ -16,3 +16,5 @@ TF_VAR_tandoor_client_id=
 TF_VAR_tandoor_client_secret=
 TF_VAR_ganymede_client_id=
 TF_VAR_ganymede_client_secret=
+TF_VAR_pulse_client_id=
+TF_VAR_pulse_client_secret=
--- a/tofu/authentik/vars.tf
+++ b/tofu/authentik/vars.tf
@ -78,3 +78,13 @@ variable "ganymede_client_secret" {
  description = "Ganymede client secret"
  type        = string
 }
+
+variable "pulse_client_id" {
+  description = "Pulse client ID"
+  type        = string
+}
+
+variable "pulse_client_secret" {
+  description = "Pulse client secret"
+  type        = string
+}