Compare commits

...

17 commits

Author SHA1 Message Date
586b1fec1f
Merge branch 'main' into general-version-cleanup 2024-11-14 21:06:21 +00:00
f4b6f82d6d
Merge pull request 'chore(hashr): general additions and changes for the earlier unfinished chart' (#123) from hashr-complete-chart into main
Reviewed-on: #123
2024-11-14 20:45:50 +00:00
b2812a774c
chore(hashr): rework values, add zip cronjob, other fixes 2024-11-14 21:31:22 +01:00
dd5af0e962
chore(hashr): claim name was wrong 2024-11-14 20:53:39 +01:00
42e8b4009d
chore(hashr): general additions and changes for the earlier unfinished chart 2024-11-14 20:39:37 +01:00
1dfde2eb7a
chore(hashr): general additions and changes for the earlier unfinished chart 2024-11-14 20:35:45 +01:00
ede63a12c3
Merge pull request 'chore: general chart syntax fixes' (#122) from general-version-cleanup into main
Reviewed-on: #122
2024-11-14 19:20:51 +00:00
ea295c539c
Merge pull request 'remove-hibernating-charts' (#121) from remove-hibernating-charts into main
Reviewed-on: #121
2024-11-14 18:37:30 +00:00
7768df54fa
chore: remove clutch since it was never put to use 2024-11-14 19:35:45 +01:00
4d02d60eaf
chore(repo): cleanup unused repos 2024-11-14 17:30:53 +01:00
7a7cea0df5
chore(repo): cleanup unused repos and update release workflow 2024-11-14 17:30:00 +01:00
99a5dddc43
chore: limit chart validation to branches 2024-11-12 21:33:03 +01:00
5d5510e526
Merge pull request 'Update charts/immich/values.yaml' (#118) from tommy-patch-1 into main
Reviewed-on: tommy/charts#118
2024-11-12 20:28:28 +00:00
f01c7f89d9
Update charts/immich/values.yaml 2024-11-12 20:28:14 +00:00
7357bc725c
Merge pull request 'Update .forgejo/workflows/release-charts.yaml' (#117) from tommy-patch-1 into main
Reviewed-on: tommy/charts#117
2024-11-12 20:27:54 +00:00
19a4679da5
Update .forgejo/workflows/release-charts.yaml 2024-11-12 20:27:41 +00:00
cf56e6a6e4
Merge pull request 'chore(immich): audit compliance updates' (#116) from immich-update into main
Reviewed-on: tommy/charts#116
2024-11-12 20:24:40 +00:00
8 changed files with 323 additions and 20 deletions

View file

@ -7,7 +7,7 @@ description: |
# renovate: image=us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
appVersion: "20240508"
type: application
version: 0.2.1
version: 0.2.2
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me

View file

@ -0,0 +1,73 @@
# Recommended start size of pvc is 20GB
existingPVC: ""
existingSecretName: hashr-secret
initContainers:
dbInit:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: "16"
existingSecretName: hashr-postgres-init-secret
postgres:
hostname: "postgres-rw.databases.svc.cluster.local"
database_name: "hashr"
port: "5432"
secretName: hashr-secret
image:
repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
pullPolicy: IfNotPresent
tag: latest
# imagePullSecrets:
# - myRegistryKeySecretName
imagePullSecrets: []
hashr:
importers:
zip:
enabled: false
schedule: "0 3 * * 6"
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 50m
memory: 128Mi
aws:
# TODO: Add cronjob file!
enabled: false
schedule: "0 9 * * 1"
gcp:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 1"
gcp_projects: ""
hashr_gcp_project: ""
hashr_gcs_bucket: ""
targz:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 2"
windows:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 3"
wsus:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 4"
rpm:
enabled: false
schedule: "0 3 * * 5"
gcr:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 7"
iso9660:
enabled: false
schedule: "0 15 * * 1"
deb:
enabled: false
schedule: "0 15 * * 2"

View file

@ -42,4 +42,11 @@ Create the upload path.
*/}}
{{- define "hashr.uploadPath" -}}
{{- printf "/data/upload" }}
{{- end }}
{{/*
Create the data path.
*/}}
{{- define "hashr.dataPath" -}}
{{- printf "/data/processing" }}
{{- end }}

View file

@ -0,0 +1,79 @@
{{- if .Values.hashr.importers.zip.enabled -}}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ .Release.Name }}-hashr-zip
spec:
schedule: {{ .Values.hashr.importers.zip.schedule | quote }}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
metadata:
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
priorityClassName: {{ .Values.priorityClassName | default "default" }}
containers:
- name: hashr-zip
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: IfNotPresent
args:
- --logtostderr=1
- -storage
- postgres
- -exporters
- postgres
- -postgres_host
- "$(POSTGRES_HOST)"
- -postgres_port
- "$(POSTGRES_PORT)"
- -postgres_user
- "$(POSTGRES_USERNAME)"
- -postgres_password
- "$(POSTGRES_PASSWORD)"
- -postgres_db
- "$(POSTGRES_DATABASE)"
- -importers
- zip
- -zip_repo_path
- {{ (include "hashr.dataPath" .) }}/zip/
env:
- name: POSTGRES_USERNAME
valueFrom:
secretKeyRef:
name: {{ .Values.postgres.secretName }}
key: POSTGRES_USERNAME
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.postgres.secretName }}
key: POSTGRES_PASSWORD
- name: POSTGRES_HOST
value: {{ .Values.postgres.host }}
- name: POSTGRES_PORT
value: {{ .Values.postgres.port }}
- name: POSTGRES_DATABASE
value: {{ .Values.postgres.database }}
volumeMounts:
- name: hashrvolume
mountPath: {{ (include "hashr.dataPath" .) | quote }}
resources:
{{- toYaml .Values.hashr.importers.zip.resources | nindent 14 }}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
restartPolicy: Never
volumes:
- name: hashrvolume
persistentVolumeClaim:
claimName: {{ .Values.existingPVC }}
readOnly: false
{{- end }}

View file

@ -0,0 +1,42 @@
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "hashr.fullname" . }}-db-init
labels:
{{- include "hashr.labels" . | nindent 4 }}
spec:
template:
spec:
restartPolicy: Never
automountServiceAccountToken: false
priorityClassName: "high-priority"
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
containers:
- name: general-db-init
image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
imagePullPolicy: IfNotPresent
env:
- name: INIT_POSTGRES_HOST
value: {{ .Values.postgres.host }}
envFrom:
- secretRef:
name: {{ .Values.initContainers.dbInit.existingSecretName }}
securityContext:
runAsUser: 1000
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
resources:
requests:
memory: "512Mi"
cpu: "250m"
limits:
memory: "1Gi"
cpu: "500m"
backoffLimit: 3

View file

@ -1,19 +0,0 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ .Release.Name }}-hashr-data-manager
spec:
containers:
- name: hashr-data-manager
image: busybox:latest
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "while true; do sleep 1800; done;"]
volumeMounts:
- name: hashrvolume
mountPath: {{ (include "hashr.dataPath" .) | quote }}
restartPolicy: Always
volumes:
- name: hashrvolume
persistentVolumeClaim:
claimName: {{ include "hashr.pvc.name" . }}
readOnly: false

View file

@ -0,0 +1,48 @@
apiVersion: v1
kind: Pod
metadata:
name: {{ .Release.Name }}-hashr-data-manager
labels:
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
serviceAccountName: {{ include "hashr.fullname" . }}
automountServiceAccountToken: false
priorityClassName: {{ .Values.priorityClassName | default "default" }}
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: {{ .Release.Name }}
containers:
- name: hashr-data-manager
image: busybox:stable
imagePullPolicy: IfNotPresent
command: ["sh", "-c", "while true; do sleep 1800; done;"]
volumeMounts:
- name: hashrvolume
mountPath: {{ (include "hashr.dataPath" .) | quote }}
resources:
limits:
cpu: "500m"
memory: "512Mi"
requests:
cpu: "250m"
memory: "256Mi"
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop: ["ALL"]
seccompProfile:
type: RuntimeDefault
initialDelaySeconds: 5
periodSeconds: 10
restartPolicy: Always
volumes:
- name: hashrvolume
persistentVolumeClaim:
claimName: {{ .Values.existingPVC }}
readOnly: false

73
charts/hashr/values.yaml Normal file
View file

@ -0,0 +1,73 @@
# Recommended start size of pvc is 20GB
existingPVC: ""
existingSecretName: hashr-secret
initContainers:
dbInit:
image:
repository: ghcr.io/onedr0p/postgres-init
tag: "16"
existingSecretName: hashr-postgres-init-secret
postgres:
hostname: "postgres-rw.databases.svc.cluster.local"
database_name: "hashr"
port: "5432"
secretName: hashr-secret
image:
repository: us-docker.pkg.dev/osdfir-registry/hashr/release/hashr
pullPolicy: IfNotPresent
tag: latest
# imagePullSecrets:
# - myRegistryKeySecretName
imagePullSecrets: []
hashr:
importers:
zip:
enabled: false
schedule: "0 3 * * 6"
resources:
limits:
cpu: 500m
memory: 1Gi
requests:
cpu: 50m
memory: 128Mi
aws:
# TODO: Add cronjob file!
enabled: false
schedule: "0 9 * * 1"
gcp:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 1"
gcp_projects: ""
hashr_gcp_project: ""
hashr_gcs_bucket: ""
targz:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 2"
windows:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 3"
wsus:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 4"
rpm:
enabled: false
schedule: "0 3 * * 5"
gcr:
# TODO: Add cronjob file!
enabled: false
schedule: "0 3 * * 7"
iso9660:
enabled: false
schedule: "0 15 * * 1"
deb:
enabled: false
schedule: "0 15 * * 2"