Update Helm release external-dns to v8

Signed-off-by: Martyn Ranyard <m@rtyn.berlin>

apps-kustomized/external-dns/kustomization.yaml

@@ -4,7 +4,7 @@ kind: Kustomization
 helmCharts:      
 - name: external-dns
   repo: https://charts.bitnami.com/bitnami
-  version: 8.7.6
+  version: 8.7.7
   releaseName: external-dns
   namespace: external-dns
   valuesInline:

apps-kustomized/files-web/ing.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
+    nginx.ingress.kubernetes.io/proxy-body-size: 700m
+  name: web-s3
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: files.martyn.berlin
+    http:
+      paths:
+      - backend:
+          service:
+            name: s3-nginx
+            port:
+              number: 80
+        path: /
+        pathType: Prefix
+  tls:
+  - hosts:
+    - files.martyn.berlin

apps-kustomized/files-web/nginx.yaml

@@ -0,0 +1,27 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: s3-nginx
+  name: s3-nginx
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: s3-nginx
+  template:
+    metadata:
+      creationTimestamp: null
+      labels:
+        app: s3-nginx
+    spec:
+      containers:
+      - image: nginx:1.27.4
+        name: nginx
+        volumeMounts:
+        - mountPath: /usr/share/nginx/html
+          name: s3
+      volumes:
+      - name: s3
+        persistentVolumeClaim:
+          claimName: smb-s3

apps-kustomized/files-web/pvc.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: smb-s3
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: smb-s3

apps-kustomized/files-web/svc.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: s3-nginx
+  name: s3-nginx
+spec:
+  internalTrafficPolicy: Cluster
+  ports:
+  - port: 80
+  selector:
+    app: s3-nginx

apps-kustomized/jellyfin/deployment.yaml

@@ -66,7 +66,7 @@ spec:
       dnsPolicy: ClusterFirst
       nodeSelector:
         intel.feature.node.kubernetes.io/gpu: "true"
-        kubernetes.io/hostname: talos-llu-kx3
+        kubernetes.io/hostname: talos-e48-wv7
       terminationGracePeriodSeconds: 30
       volumes:
       - name: jellyfin-config

apps-kustomized/lms/pvc.yaml

@@ -12,18 +12,6 @@ spec:
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
-metadata:
-  name: smb-oldmusic
-spec:
-  accessModes:
-  - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
-  storageClassName: smb-oldmusic
----
-apiVersion: v1
-kind: PersistentVolumeClaim
 metadata:
   name: logitech-media-server-config
 spec:

apps-kustomized/lms/statefulset.yaml

@@ -61,27 +61,14 @@ spec:
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
         volumeMounts:
-        - mountPath: /srv/squeezebox
-          name: config
-        - mountPath: /smbmusic
-          name: smbmusic
-        - mountPath: /smboldmusic
-          name: smboldmusic
-      dnsPolicy: ClusterFirst
-      initContainers:
-      - command:
-        - sh
-        - -c
-        - mkdir /smbmusic; mkdir -pv /config/playlists /config/config; chown -Rc 1000:1000
-          /config
-        image: doliana/logitech-media-server:2023_04_15-8.3.1
-        imagePullPolicy: IfNotPresent
-        name: init-config
-        terminationMessagePath: /dev/termination-log
-        terminationMessagePolicy: File
-        volumeMounts:
         - mountPath: /config
           name: config
+        - mountPath: /music
+          name: smbmusic
+        - mountPath: /playlist
+          name: config
+          subPath: playlist
+      dnsPolicy: ClusterFirst
       restartPolicy: Always
       schedulerName: default-scheduler
       terminationGracePeriodSeconds: 30
@@ -92,9 +79,6 @@ spec:
       - name: smbmusic
         persistentVolumeClaim:
           claimName: smb-music
-      - name: smboldmusic
-        persistentVolumeClaim:
-          claimName: smb-oldmusic
   updateStrategy:
     rollingUpdate:
       partition: 0

apps-kustomized/smb-storageclasses/sc-s3.yaml

@@ -0,0 +1,17 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: smb-s3
+provisioner: smb.csi.k8s.io
+parameters:
+  source: "//172.20.0.69/s3"
+  csi.storage.k8s.io/node-stage-secret-name: smb-creds
+  csi.storage.k8s.io/node-stage-secret-namespace: kube-system
+reclaimPolicy: Retain
+volumeBindingMode: Immediate
+mountOptions:
+  - dir_mode=0777
+  - file_mode=0777
+  - uid=1001
+  - gid=1001
+  - noperm

everything-app/app-ingress-nginx.yaml

@@ -37,6 +37,11 @@ spec:
           more_set_headers -a "X-Robots-Tag: anthropic-ai: none";
           more_set_headers -a "X-Robots-Tag: CCBot: none";
           more_set_headers -a "X-Robots-Tag: semrushbot: none";
+          more_set_headers -a "X-Robots-Tag: Amazonbot: none";
+          more_set_headers -a "X-Robots-Tag: dotbot: none";
+          more_set_headers -a "X-Robots-Tag: AhrefsBot: none";
+      - name: controller.config.block-user-agents
+        value: "~*Amazonbot,~*SemrushBot,~*DotBot,~*Ahrefsbot,~*GPT"
   syncPolicy:
     automated:
       selfHeal: true

everything-app/files-web.yaml

@@ -0,0 +1,17 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: files-web
+  namespace: argocd
+spec:
+  destination:
+    namespace: files-web
+    server: https://kubernetes.default.svc
+  project: apps
+  source:
+    path: apps-kustomized/files-web
+    repoURL: https://git.martyn.berlin/martyn/infra4talos
+    targetRevision: HEAD
+  syncPolicy:
+    automated:
+      selfHeal: true

everything-app/garage.yaml

@@ -1,65 +0,0 @@
-apiVersion: argoproj.io/v1alpha1
-kind: Application
-metadata:
-  name: garage
-  namespace: argocd
-spec:
-  destination:
-    namespace: garage
-    server: https://kubernetes.default.svc
-  project: infra
-  source:
-    helm:
-      valuesObject:
-        service:
-          type: LoadBalancer
-        persistence:
-          enabled: "true"
-          meta:
-            storageClass: longhorn-fast
-          data:
-            storageClass: longhorn-spinny
-            size: "1Gi"
-        deployment:
-          replicaCount: "1"
-        garage:
-          replicationMode: "1"
-          s3:
-            api:
-              rootDomain: ".s3.files.martyn.berlin"
-            web:
-              rootDomain: ".martyn.berlin"
-        ingress:
-          s3:
-            api:
-              className: "nginx"
-              enabled: "true"
-              annotations: 
-                external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
-                cert-manager.io/cluster-issuer: letsencrypt
-                nginx.ingress.kubernetes.io/proxy-body-size: "700m"
-              tls:
-              - hosts:
-                - "s3.files.martyn.berlin"
-              hosts:
-              - host: s3.files.martyn.berlin
-                paths:
-                - path: /
-                  pathType: Prefix
-            web:
-              className: "nginx"
-              enabled: "true"
-              annotations: 
-                external-dns.alpha.kubernetes.io/target: armnleg.martyn.berlin
-                cert-manager.io/cluster-issuer: letsencrypt
-              tls:
-              - hosts:
-                - "files.martyn.berlin"
-              hosts:
-              - host: files.martyn.berlin
-                paths:
-                - path: /
-                  pathType: Prefix
-    path: script/helm/garage
-    repoURL: https://git.deuxfleurs.fr/Deuxfleurs/garage
-    targetRevision: HEAD

everything-app/samba-longhorn-ssd.yaml

@@ -44,6 +44,9 @@ spec:
           - name: scans
             size: 1Gi
             storageClass: longhorn-fast
+          - name: s3
+            size: 20Gi
+            storageClass: longhorn-fast
     path: apps-helm/samba4
     repoURL: https://git.martyn.berlin/martyn/infra4talos.git
     targetRevision: HEAD