Compare commits

2 commits

19 changed files with 16 additions and 556 deletions

@ -4,7 +4,7 @@
<div align="center">
<img src="https://helm.sh/img/helm.svg" align="center" width="144px" height="144px"/>
<h3>Minimal and Opinionated Helm Charts</h3>
<p><i>... powered by a Norwegian bear 🐻</i></p>
<p><i>... powered by a Norwegian whales and bears</i></p>
</div>
<p>&nbsp;</p>
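
Review bot: the new tagline reads "powered by a Norwegian whales and bears", where the singular article "a" no longer agrees with the plural nouns; drop it ("powered by Norwegian whales and bears"). The bear emoji from the old line is also gone, so confirm that is intended.
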
@ -30,7 +30,13 @@ Below you'll find an overview of the charts and an intro to get you started.
🟢 [Matrix Synapse](charts/matrix-synapse): An end-to-end encrypted, open source (not free) and UX-friendly alternative to Slack, Teams and Mattermost. I currently have simplified and use this. Based on the chart by ananace.
🟢 [Matrix Synapse](charts/sliding-sync-proxy): A proxy to Matrix servers for the new Element X client.
🟢 [Sliding Sync Proxy](charts/sliding-sync-proxy): A proxy to Matrix servers for the new Element X client.
🟢 [Matrix Authentication Service](charts/matrix-authentication-service): Matrix auth system implementing MSC3861
🟢 [Maubot](charts/maubot): Matrix bot system.
🟢 [nfty.sh](charts/nfty-sh): Push notification server for clients and phones.
🟢 [Dispatch](charts/dispatch): A incident management and coordination system developed by Netflix.
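
Review bot: the promoted entry `[nfty.sh](charts/nfty-sh)` spells the project "nfty", while the chart's own metadata elsewhere in this compare uses "ntfy" (image `binwiederhier/ntfy`, tags `ntfy-sh-*`, and a changelog entry "Typo nfty -> ntfy"), so the link target `charts/nfty-sh` likely does not resolve; check the directory name and use `[ntfy.sh](charts/ntfy-sh)` if that is what exists. Correcting the Sliding Sync Proxy label is good. The Dispatch line in the same list still says "A incident management"; "An" is a cheap fix while this list is being edited.
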
@ -38,96 +44,12 @@ Below you'll find an overview of the charts and an intro to get you started.
🚧 [Attic](charts/attic): Nix Binary Cache server that reduces the time to compile and distribute builds ([intro post](https://discourse.nixos.org/t/introducing-attic-a-self-hostable-nix-binary-cache-server/24343))
🚧 [Matrix Authentication Service](charts/matrix-authentication-service): Matrix auth system implementing MSC3861
🚧 [Maubot](charts/maubot): Matrix bot system.
🚧 [nfty.sh](charts/nfty-sh): Push notification server for clients and phones.
🚧 [Element Call](charts/element-call): WebRTC server for calls and video using Matrix for signalling. Not functional atm.
⚠️ [Conduit](charts/conduit): An efficient and self-contained Matrix server using an embedded RocksDB database. Currently I use Synapse instead.
⚠️ [Netbox](charts/netbox): Modeling and docs for IP address management (IPAM) and datacenter infrastructure management (DCIM). This deploys ok but has a few moving parts.
### Requirements
You may need to bring your own:
- S3 compatible object storage
- Block storage
- PostgreSQL, such as Cloudnative-PG
- Redis-compatible server, such as Dragonfly
All tests are run on the latest version of Kubernetes and Helm and no consideration is taken to vendor-specific implementations.
### Principles
So what makes this repo different from others? It is KISS-Safe of course.
- Secrets and ingresses are defined external from the chart
- Expect that an ingress terminates external connection and TLS
- Object storage over block storage when possible
- Never rely on vendor-specific components
- Prefer open source
- No plaintext secrets - be sane
- Leaving room for initContainers
- Use as few values as possible in values.yaml (making sane choices)
- Use external databases and transports
- Configure for OIDC when possible
- The values file should be possible to read up on in minutes
- Only support the current major version of Kubernetes and application
- Enable service accounts
- Use semver for versioning
- Charts should install on a small scale by default
- Charts are validated for structure, security and syntax before compilation
- Regardless of journey level everyone should be able to read or learn the chart
Some of these principles are implicit and means you'll have to deploy with e.g. kustomize to get going.
If you see a chart that does not comply with these principles, please open an issue.
### 🧑‍💻 Usage
#### Exploration
You can explore this repo by using the following commands if you have the Kubernetes package manager installed:
```shell
# add the package source
helm repo add 252 https://charts.253.no
# or update the repo
helm repo update 252
# search for a specific chart
helm search repo dispatch
# or list all available charts
helm search repo 252 -l
# show configuration options
helm show values 252/dispatch
# install a chart
helm install dispatch helm-charts/charts/dispatch --namespace=toolbox
````
#### As-code with FluxCD
First take care to setup the chart:
```yaml
apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository
metadata:
name: 252-charts
namespace: flux-system
spec:
interval: 15m
url: https://charts.253.no
```
A reference kustomization directory is shown in [./kustomization-components](./kustomization-components).
## 🤩 Licenses and Gratitude
Parts of the repo was inspired by [ananace](https://gitlab.com/ananace/charts) (some parts imported and rewritten).
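
Review bot: going by the header (96 lines reduced to 12), this region drops most of Requirements, Principles and Usage, and with them the only statement that secrets and ingresses are defined outside the charts, that an ingress is expected to terminate TLS, and that PostgreSQL, a Redis-compatible server and S3 storage must be supplied by the user. Someone installing from the remaining chart list has no way to learn that the charts ship without ingress or secrets, so keep a short Requirements/Principles section or link to where it moved. If the Usage block survives anywhere, its shell fence closes with four backticks, and `helm install dispatch helm-charts/charts/dispatch` installs from a local path rather than from the `252` repo added at the top of the block.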

@ -1,67 +0,0 @@
The changelog is automatically generated using [git-chglog](https://github.com/git-chglog/git-chglog) and it follows [Keep a Changelog](https://keepachangelog.com) format.
<a name="attic-0.2.4"></a>
## [attic-0.2.4] - 2024-04-13
### Testing
- bump version to build
<a name="attic-0.2.3"></a>
## [attic-0.2.3] - 2024-04-10
### Chores
- bump version
### Docs
- remove nonfunc comment
- update readme to add maubot and remove md which was generated locally for testing.
### Features
- formatting of release notes
<a name="attic-0.2.2"></a>
## [attic-0.2.2] - 2024-04-09
### Chores
- **attic:** cleanup config
### Features
- add conformity with tests according to Helm spec and changelog to releases. Bump versions of all charts.
- **attic:** move from static resource config to source from values. Was already present in values.
<a name="attic-0.1.5"></a>
## [attic-0.1.5] - 2024-04-09
### Chores
- bump to trigger build test
### Features
- introduce new helm release workflow
<a name="attic-0.1.2"></a>
## [attic-0.1.2] - 2024-04-09
### Bug Fixes
- **attic:** remove variable that was redundant and referenced the wrong value
- **attic:** remove variable that was redundant and referenced the wrong value
<a name="attic-0.1.1"></a>
## [attic-0.1.1] - 2024-04-08
### Bug Fixes
- **atticd:** bump version
- **atticd:** fix path
<a name="attic-0.1.0"></a>
## [attic-0.1.0] - 2024-04-08
### Features
- add initial attic chart
<a name="attic-repo-0.5.1"></a>
## [attic-repo-0.5.1] - 2023-12-25
<a name="attic-repo-0.5.0"></a>
## [attic-repo-0.5.0] - 2023-12-25
<a name="attic-repo-0.5"></a>
## attic-repo-0.5 - 2023-10-28
[attic-0.2.4]: https://github.com/tommy-skaug/charts/compare/attic-0.2.3...attic-0.2.4
[attic-0.2.3]: https://github.com/tommy-skaug/charts/compare/attic-0.2.2...attic-0.2.3
[attic-0.2.2]: https://github.com/tommy-skaug/charts/compare/attic-0.1.5...attic-0.2.2
[attic-0.1.5]: https://github.com/tommy-skaug/charts/compare/attic-0.1.2...attic-0.1.5
[attic-0.1.2]: https://github.com/tommy-skaug/charts/compare/attic-0.1.1...attic-0.1.2
[attic-0.1.1]: https://github.com/tommy-skaug/charts/compare/attic-0.1.0...attic-0.1.1
[attic-0.1.0]: https://github.com/tommy-skaug/charts/compare/attic-repo-0.5.1...attic-0.1.0
[attic-repo-0.5.1]: https://github.com/tommy-skaug/charts/compare/attic-repo-0.5.0...attic-repo-0.5.1
[attic-repo-0.5.0]: https://github.com/tommy-skaug/charts/compare/attic-repo-0.5...attic-repo-0.5.0
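
Review bot: this file states that it is generated by git-chglog, and no hunk in this compare touches a workflow or git-chglog configuration, so if the release job still runs the generator the file will come back on the next release; remove the generation step in the same change, or keep the file. The same applies to the matrix-synapse and ntfy-sh changelogs deleted further down.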

@ -4,7 +4,7 @@ description: A Nix binary caching server
# renovate: image=ghcr.io/zhaofengli/attic
appVersion: 4dbdbee45728d8ce5788db6461aaaa89d98081f0
type: application
version: 0.2.5
version: 0.2.6
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me

@ -4,7 +4,7 @@ description: Toolset of DFIR tools
# renovate: image=ghcr.io/google/grr
appVersion: "20240508"
type: application
version: 0.2.1
version: 0.2.2
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me

@ -1,8 +0,0 @@
## Debugging
```sh
task flux:sync
kubectl annotate es timesketch-conf force-sync=$(date +%s) --overwrite -n sec-forensics
```

@ -5,7 +5,7 @@ name: linkding
description: A Helm chart for linkding
# renovate: image=sissbruecker/linkding
appVersion: "1.36.0"
version: 2.0.4
version: 2.0.5
sources:
- https://code.252.no/tommy/helm-charts
- https://github.com/sissbruecker/linkding

@ -1,99 +0,0 @@
# [`linkding`](https://charts.pascaliske.dev/charts/linkding/)
> A Helm chart for linkding
[![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/linkding/)[![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/linkding/)[![AppVersion: 1.22.1](https://img.shields.io/badge/AppVersion-1.22.1-informational?style=flat-square) ](https://charts.pascaliske.dev/charts/linkding/)
* <https://github.com/pascaliske/helm-charts>
* <https://github.com/sissbruecker/linkding>
## Requirements
- [`helm`](https://helm.sh) - Refer to their [docs](https://helm.sh/docs) to get started.
## Usage
To use this chart add the repo as follows:
```sh
helm repo add pascaliske https://charts.pascaliske.dev
```
If you had already added this repo earlier, run `helm repo update` to retrieve the latest versions of the packages.
To install this chart simply run the following command:
```sh
helm install linkding pascaliske/linkding
```
To uninstall this chart simply run the following command:
```sh
helm delete linkding
```
## Values
The following values can be used to adjust the helm chart.
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| additionalContainers | object | `{}` | Specify any additional containers here as dictionary items - each should have it's own key. |
| affinity | object | `{}` | Pod-level affinity. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling). |
| certificate.annotations | object | `{}` | Additional annotations for the certificate object. |
| certificate.create | bool | `false` | Create an Certificate object for the exposed chart. |
| certificate.dnsNames | list | `[]` | List of subject alternative names for the certificate. |
| certificate.issuerRef.kind | string | `"ClusterIssuer"` | Type of the referenced certificate issuer. Can be "Issuer" or "ClusterIssuer". |
| certificate.issuerRef.name | string | `""` | Name of the referenced certificate issuer. |
| certificate.labels | object | `{}` | Additional labels for the certificate object. |
| certificate.secretName | string | `""` | Name of the secret in which the certificate will be stored. Defaults to the first item in dnsNames. |
| controller.annotations | object | `{}` | Additional annotations for the controller object. |
| controller.enabled | bool | `true` | Create a workload for this chart. |
| controller.kind | string | `"Deployment"` | Type of the workload object. |
| controller.labels | object | `{}` | Additional labels for the controller object. |
| controller.replicas | int | `1` | The number of replicas. |
| env[0] | object | `{"name":"TZ","value":"UTC"}` | Timezone for the container. |
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | The pull policy for the controller. |
| image.repository | string | `"sissbruecker/linkding"` | The repository to pull the image from. |
| image.tag | string | `.Chart.AppVersion` | The docker tag, if left empty chart's appVersion will be used. |
| ingressRoute.annotations | object | `{}` | Additional annotations for the ingress route object. |
| ingressRoute.create | bool | `false` | Create an IngressRoute object for exposing this chart. |
| ingressRoute.entryPoints | list | `[]` | List of [entry points](https://doc.traefik.io/traefik/routing/routers/#entrypoints) on which the ingress route will be available. |
| ingressRoute.labels | object | `{}` | Additional labels for the ingress route object. |
| ingressRoute.middlewares | list | `[]` | List of [middleware objects](https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-middleware) for the ingress route. |
| ingressRoute.rule | string | `""` | [Matching rule](https://doc.traefik.io/traefik/routing/routers/#rule) for the underlying router. |
| ingressRoute.tlsSecretName | string | `""` | Use an existing secret containing the TLS certificate. |
| nameOverride | string | `""` | |
| persistentVolumeClaim.accessMode | string | `"ReadWriteOnce"` | Access mode of the persistent volume claim object. |
| persistentVolumeClaim.annotations | object | `{}` | Additional annotations for the persistent volume claim object. |
| persistentVolumeClaim.create | bool | `true` | Create a new persistent volume claim object. |
| persistentVolumeClaim.existingPersistentVolumeClaim | string | `""` | Use an existing persistent volume claim object. |
| persistentVolumeClaim.labels | object | `{}` | Additional labels for the persistent volume claim object. |
| persistentVolumeClaim.mountPath | string | `"/etc/linkding/data"` | Mount path of the persistent volume claim object. |
| persistentVolumeClaim.size | string | `"1Gi"` | Storage request size for the persistent volume claim object. |
| persistentVolumeClaim.storageClassName | string | `""` | Storage class name for the persistent volume claim object. |
| persistentVolumeClaim.volumeMode | string | `"Filesystem"` | Volume mode of the persistent volume claim object. |
| ports.http.enabled | bool | `true` | Enable the port inside the `controller` and `Service` objects. |
| ports.http.nodePort | string | `nil` | The external port used if `.service.type` == `NodePort`. |
| ports.http.port | int | `9090` | The port used as internal port and cluster-wide port if `.service.type` == `ClusterIP`. |
| ports.http.protocol | string | `"TCP"` | The protocol used for the service. |
| resources | object | `{}` | Compute resources used by the container. More info [here](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). |
| securityContext | object | `{}` | Pod-level security attributes. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context). |
| service.annotations | object | `{}` | Additional annotations for the service object. |
| service.enabled | bool | `true` | Create a service for exposing this chart. |
| service.labels | object | `{}` | Additional labels for the service object. |
| service.type | string | `"ClusterIP"` | The service type used. |
| serviceAccount.name | string | `""` | Specify the service account used for the controller. |
| tolerations | list | `[]` | Pod-level tolerations. More info [here](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling). |
## Maintainers
| Name | Email | Url |
| ---- | ------ | --- |
| pascaliske | <info@pascaliske.dev> | <https://pascaliske.dev> |
## License
[MIT](../LICENSE.md) © 2023 [Pascal Iske](https://pascaliske.dev)
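
Review bot: deleting this README also deletes the upstream attribution, namely the line `[MIT](../LICENSE.md) © 2023 [Pascal Iske](https://pascaliske.dev)` and the link to `pascaliske/helm-charts`, while the `sources` list in the linkding Chart.yaml hunk names only `code.252.no/tommy/helm-charts` and `sissbruecker/linkding`. If the templates still derive from the pascaliske chart, keep the MIT copyright notice somewhere in the chart directory. Dropping the stale content itself is right: the badges say Version 2.0.0 and AppVersion 1.22.1 against 2.0.5 and 1.36.0 in Chart.yaml, and the install commands point at the pascaliske repo.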

@ -1,48 +0,0 @@
The changelog is automatically generated using [git-chglog](https://github.com/git-chglog/git-chglog) and it follows [Keep a Changelog](https://keepachangelog.com) format.
<a name="matrix-synapse-4.2.1"></a>
## [matrix-synapse-4.2.1] - 2024-04-13
### Features
- add podmonitors to synapse and ntfy
### Testing
- bump version to build
<a name="matrix-synapse-4.1.0"></a>
## [matrix-synapse-4.1.0] - 2024-04-09
### Features
- add conformity with tests according to Helm spec and changelog to releases. Bump versions of all charts.
<a name="matrix-synapse-4.0.8"></a>
## [matrix-synapse-4.0.8] - 2024-01-18
<a name="matrix-synapse-4.0.7"></a>
## [matrix-synapse-4.0.7] - 2024-01-18
<a name="matrix-synapse-4.0.5"></a>
## [matrix-synapse-4.0.5] - 2024-01-18
<a name="matrix-synapse-4.0.4"></a>
## [matrix-synapse-4.0.4] - 2024-01-18
<a name="matrix-synapse-4.0.1"></a>
## [matrix-synapse-4.0.1] - 2024-01-17
<a name="matrix-synapse-4.0.0"></a>
## [matrix-synapse-4.0.0] - 2024-01-17
<a name="matrix-synapse-3.7.8"></a>
## matrix-synapse-3.7.8 - 2023-10-20
### Bug Fixes
- **matrix-synapse:** replace 8008 with port variable
- **values:** update spacing
### Features
- **ingress:** update capability names and add ingressClassName
[matrix-synapse-4.2.1]: https://github.com/tommy-skaug/charts/compare/matrix-synapse-4.1.0...matrix-synapse-4.2.1
[matrix-synapse-4.1.0]: https://github.com/tommy-skaug/charts/compare/matrix-synapse-4.0.8...matrix-synapse-4.1.0
[matrix-synapse-4.0.8]: https://github.com/tommy-skaug/charts/compare/matrix-synapse-4.0.7...matrix-synapse-4.0.8
[matrix-synapse-4.0.7]: https://github.com/tommy-skaug/charts/compare/matrix-synapse-4.0.5...matrix-synapse-4.0.7
[matrix-synapse-4.0.5]: https://github.com/tommy-skaug/charts/compare/matrix-synapse-4.0.4...matrix-synapse-4.0.5
[matrix-synapse-4.0.4]: https://github.com/tommy-skaug/charts/compare/matrix-synapse-4.0.1...matrix-synapse-4.0.4
[matrix-synapse-4.0.1]: https://github.com/tommy-skaug/charts/compare/matrix-synapse-4.0.0...matrix-synapse-4.0.1
[matrix-synapse-4.0.0]: https://github.com/tommy-skaug/charts/compare/matrix-synapse-3.7.8...matrix-synapse-4.0.0

@ -5,7 +5,7 @@ type: application
icon: https://matrix.org/images/matrix-logo.svg
# renovate: image=ghcr.io/element-hq/synapse
appVersion: v1.104.0
version: 4.2.2
version: 4.2.3
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me

@ -1,95 +0,0 @@
Matrix Synapse
==============
pip3 install pynacl
[Synapse](https://github.com/matrix-org/synapse) is the current reference implementation of the [Matrix protocol](https://matrix.org).
For questions/help on the chart, feel free to drop in at [#matrix-on-kubernetes:fiksel.info](https://matrix.to/#/#matrix-on-kubernetes:fiksel.info).
This chart is hosted [on GitLab](https://gitlab.com/ananace/charts).
__Attention:__ _The upgrade to 1.51.0 requires manual action, please read the upgrade instructions [below](#upgrading)._
## Prerequisites
- Kubernetes 1.20+
- Helm 3.0+
- Ingress installed in the cluster
**NB**; Matrix requires the use of valid SSL certificates for federation.
## Installing
To run a federating Matrix server, you need to have a publicly accessible subdomain that Kubernetes has an ingress on.
You will also require some federation guides, either in the form of a `.well-known/matrix/server` server or as an SRV record in DNS.
When using a well-known entry, you will need to have a valid cert for whatever subdomain you wish to serve Synapse on.
When using an SRV record, you will additionally need a valid cert for the main domain that you're using for your MXIDs.
## Installation Examples
Refer to [the main Synapse docs](https://github.com/matrix-org/synapse/blob/master/docs/federate.md) for more information.
### On main domain / with subdomain MXIDs
For the simplest possible Matrix install, you can run your Synapse install on the root of the domain you wish in your MXIDs.
If you - for instance - own the domain `chosenin.space` and want to run Matrix on it, you would simply install the chart as;
helm install matrix-synapse ananace-charts/matrix-synapse --set serverName=chosenin.space --set wellknown.enabled=true
This would set up Synapse with client-server and federation both exposed on `chosenin.space/_matrix`, as well as a tiny lighttpd server that responds to federation lookups on `chosenin.space/.well-known/matrix/server`.
You can also use this to run a Synapse on a subdomain, with said subdomain as part of your MXIDs; (`@user:matrix.chosenin.space` in this case)
helm install matrix-synapse ananace-charts/matrix-synapse --set serverName=matrix.chosenin.space --set wellknown.enabled=true
### On separate subdomain
If - on the other hand - you own the domain `example.com`, want your MXIDs in the form `@user:example.com`, but still want to run your Synapse on `matrix.example.com`. Then you have two options, using either DNS or well-known;
For DNS, you could install the chart as;
helm install matrix-synapse ananace-charts/matrix-synapse --set serverName=example.com --set publicServerName=matrix.example.com
This will add federation endpoints to `example.com`, along with client endpoints on `matrix.example.com`. For this to work, you will need to have valid certs for both `example.com` as well as `matrix.example.com` for your Synapse to use.
To get federation working with such a setup, you would also need to add an SRV record to your DNS - for example;
_matrix._tcp.example.com 10 1 443 matrix.example.com
If you want to use a well-known file for federation instead of an SRV record, then your install might look more like;
helm install matrix-synapse ananace-charts/matrix-synapse --set serverName=example.com --set publicServerName=matrix.example.com --set wellknown.enabled=true
With well-known federation, your client-to-server/public host is the one that needs to handle both client and federation traffic. On your main domain you'll instead only need something that can respond with a JSON file on the URL `example.com/.well-known/matrix/server` - which the included wellknown server will gladly do for you.
Additionally, when using well-known federation, your Synapse cert only needs to be valid for `matrix.example.com`.
&nbsp;
More advanced setups can be made using `ingress.hosts`, `ingress.csHosts`, and `ingress.wkHosts` for server-server, client-server, and well-known endpoints respectively.
Alternatively, you can use your own ingress setup, or switch the main service to `LoadBalancer` and add a TLS listener.
### Application services / extra config files
Synapse is configured to read all configuration files found under `/synapse/config/conf.d/` - which is mounted as an emptyDir to allow for read-only root.
You can mount your additional configuration values under here if you want to have configuration that doesn't map well to the `extraConfig`/`extraSecrets` values.
Note that due to how the mounts are set up, you will have to `subPath`-mount individual files into the folder in order for them to be loaded.
## Upgrading
### To v1.51.0
The redis subchart was upgraded in this release which changed immutable values of the StatefulSet. So, to perform this upgrade, perform the following steps. Make sure to adapt the names and arguments to your situation.
```
# Delete the old StatefulSet but leave the Pod alive
kubectl delete statefulset --cascade=orphan matrix-synapse-redis-master
# Upgrade the chart and create a new StatfulSet for redis
helm upgrade matrix-synapse matrix-synapse
# Delete the old Pod so the new StatefulSet can take over
kubectl delete pod matrix-synapse-redis-master-0
```
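
Review bot: this removes the only documentation of the `/synapse/config/conf.d/` directory and of the need to `subPath`-mount individual files into it, as well as the federation prerequisites (valid certificates, `.well-known/matrix/server` or an SRV record); if `extraConfig`/`extraSecrets` and `wellknown.enabled` still exist in the chart, carry those paragraphs into the values file comments or a short chart README. The rest is fine to drop: the install commands reference `ananace-charts/matrix-synapse`, and the stray `pip3 install pynacl` line under the title has no explanation.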

@ -1,64 +0,0 @@
The changelog is automatically generated using [git-chglog](https://github.com/git-chglog/git-chglog) and it follows [Keep a Changelog](https://keepachangelog.com) format.
<a name="ntfy-sh-0.2.4"></a>
## [ntfy-sh-0.2.4] - 2024-04-13
### Bug Fixes
- issue with template and version of chart
<a name="ntfy-sh-0.2.3"></a>
## [ntfy-sh-0.2.3] - 2024-04-13
### Bug Fixes
- add missing name template var
<a name="ntfy-sh-0.2.2"></a>
## [ntfy-sh-0.2.2] - 2024-04-13
### Bug Fixes
- add missing selectorlabels for podmonitor and source image tag from chart
<a name="ntfy-sh-0.2.1"></a>
## [ntfy-sh-0.2.1] - 2024-04-13
### Features
- add podmonitors to synapse and ntfy
<a name="ntfy-sh-0.2.0"></a>
## [ntfy-sh-0.2.0] - 2024-04-09
### Features
- add conformity with tests according to Helm spec and changelog to releases. Bump versions of all charts.
<a name="ntfy-sh-0.1.5"></a>
## [ntfy-sh-0.1.5] - 2024-04-06
### Bug Fixes
- add missing service account for ntfy and paperless
<a name="ntfy-sh-0.1.4"></a>
## [ntfy-sh-0.1.4] - 2024-04-06
### Bug Fixes
- quote bool for ntfy
<a name="ntfy-sh-0.1.3"></a>
## [ntfy-sh-0.1.3] - 2024-04-06
### Bug Fixes
- labels and selectors on ntfy
<a name="ntfy-sh-0.1.2"></a>
## [ntfy-sh-0.1.2] - 2024-04-06
### Bug Fixes
- change ntfy-sh to ntfy to try get out of template missing
- Typo nfty -> ntfy
<a name="ntfy-sh-0.1.1"></a>
## [ntfy-sh-0.1.1] - 2024-04-06
<a name="ntfy-sh-0.1.0"></a>
## ntfy-sh-0.1.0 - 2024-04-06
[ntfy-sh-0.2.4]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.2.3...ntfy-sh-0.2.4
[ntfy-sh-0.2.3]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.2.2...ntfy-sh-0.2.3
[ntfy-sh-0.2.2]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.2.1...ntfy-sh-0.2.2
[ntfy-sh-0.2.1]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.2.0...ntfy-sh-0.2.1
[ntfy-sh-0.2.0]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.1.5...ntfy-sh-0.2.0
[ntfy-sh-0.1.5]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.1.4...ntfy-sh-0.1.5
[ntfy-sh-0.1.4]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.1.3...ntfy-sh-0.1.4
[ntfy-sh-0.1.3]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.1.2...ntfy-sh-0.1.3
[ntfy-sh-0.1.2]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.1.1...ntfy-sh-0.1.2
[ntfy-sh-0.1.1]: https://github.com/tommy-skaug/charts/compare/ntfy-sh-0.1.0...ntfy-sh-0.1.1

@ -6,7 +6,7 @@ description: |
type: application
# renovate: image=binwiederhier/ntfy
appVersion: 2.11.0
version: 0.2.7
version: 0.2.8
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me

@ -5,7 +5,7 @@ description: |
A toolset of DFIR tools
# renovate: image=us-docker.pkg.dev/osdfir-registry/timesketch/timesketch
appVersion: "20241009"
version: 0.2.4
version: 0.2.5
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me

@ -1,8 +0,0 @@
## Debugging
```sh
task flux:sync
kubectl annotate es timesketch-conf force-sync=$(date +%s) --overwrite -n sec-forensics
```

@ -5,7 +5,7 @@ description: |
# renovate: image=us-docker.pkg.dev/osdfir-registry/turbinia/release/turbinia-server
appVersion: "20240930"
type: application
version: 0.1.7
version: 0.1.8
maintainers:
- name: Tommy Skaug
email: tommy@skaug.me

@ -1,8 +0,0 @@
## Debugging
```sh
task flux:sync
kubectl annotate es turbina-conf force-sync=$(date +%s) --overwrite -n sec-forensics
```

@ -3,7 +3,7 @@ name: yeti
description: A Helm chart for Yeti Kubernetes deployments.
# renovate: image=yetiplatform/yeti
appVersion: 2.1.11
version: 1.0.4
version: 1.0.5
keywords:
- yeti
- dfir

@ -1 +0,0 @@
* TODO figure out what the pvc was used for and if we can do without it
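
Review bot: the TODO asking what the PVC was used for is deleted, but no hunk in this compare changes a template or values file, so the question looks unanswered rather than resolved; record the outcome in the commit message or move it to an issue before dropping it.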

@ -1,64 +0,0 @@
#+TITLE: Ingress
#+DATE: 2023-10-20
The charts maintains the internal networking and you wire the connection to the outside world.
I use two ingress classes: Tailscale and nginx, and you can wire a service by adding to kustomization
and [[https://fluxcd.io/][flux]] e.g. like the following.
** Nginx
To expose publicly via nginx:
#+BEGIN_SRC yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: matrix-synapse-ingress
namespace: messaging
annotations:
external-dns.alpha.kubernetes.io/target: ingress.${PUBLIC_DOMAIN}
spec:
ingressClassName: nginx
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: matrix-synapse
port:
number: 8008
tls:
- hosts:
- matrix
#+END_SRC
** Tailscale
To use the [[https://tailscale.com/kb/1236/kubernetes-operator/][Tailscale operator]]:
#+BEGIN_SRC yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: hajimari-ingress
namespace: home
spec:
ingressClassName: tailscale
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: hajimari
port:
number: 3000
tls:
- hosts:
- apps
#+END_SRC
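
Review bot: with this file gone there is no ingress example left, although the text being deleted says the user wires the connection to the outside world; consider moving it next to the kustomization components instead of deleting it. If it is kept, the nginx example needs attention: the rule has no `host`, so it matches every hostname served by that ingress class, and the `tls` entry lists the bare name `matrix` with no `secretName`, so which certificate is presented depends on the controller's default.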