Merge pull request 'revert to 4368a36150 with a few changes' (#77) from helm-flux into main

Reviewed-on: https://gitea.akshun-lab.uk/akshun/public-k3s/pulls/77

cluster/helm/cert-manager/cert-manager-release.yml

@@ -0,0 +1,27 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: cert-manager
+  namespace: cert-manager
+spec:
+  interval: 24h
+  chart:
+    spec:
+      chart: cert-manager
+      version: "v1.18.2"
+      sourceRef:
+        kind: HelmRepository
+        name: jetstack
+        namespace: flux-system
+      interval: 24h
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    crds:
+      enabled: true
+      keep: true

cluster/helm/cert-manager/cert-manager-repo.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: jetstack
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://charts.jetstack.io

cluster/helm/cert-manager/values.yml

@@ -1,5 +0,0 @@
-# https://charts.jetstack.io
-
-crds:
-  enabled: true
-  keep: true

cluster/helm/csi-driver-smb/csi-driver-smb-release.yml

@@ -0,0 +1,22 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: csi-driver-smb
+  namespace: kube-system
+spec:
+  interval: 24h
+  chart:
+    spec:
+      chart: csi-driver-smb
+      version: "1.18.0"
+      sourceRef:
+        kind: HelmRepository
+        name: csi-driver-smb
+        namespace: flux-system
+      interval: 24h
+  install:
+    createNamespace: true
+  upgrade:
+    remediation:
+      remediateLastFailure: true

cluster/helm/csi-driver-smb/csi-driver-smb-repo.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: csi-driver-smb
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts

cluster/helm/csi-driver-smb/values.yml

@@ -1 +0,0 @@
-# https://raw.githubusercontent.com/kubernetes-csi/csi-driver-smb/master/charts

cluster/helm/gpu-operator/gpu-operator-release.yml

@@ -0,0 +1,31 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: gpu-operator
+  namespace: gpu-operator
+spec:
+  interval: 24h
+  chart:
+    spec:
+      chart: gpu-operator
+      version: "v25.3.1"
+      sourceRef:
+        kind: HelmRepository
+        name: nvidia
+        namespace: flux-system
+      interval: 24h
+  install:
+    createNamespace: true
+  upgrade:
+    remediation:
+      remediateLastFailure: true
+  values:
+    driver:
+      enabled: false
+    toolkit:
+      env:
+      - name: CONTAINERD_SOCKET
+        value: /run/k3s/containerd/containerd.sock
+      - name: CONTAINERD_CONFIG
+        value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml

cluster/helm/gpu-operator/gpu-operator-repo.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: nvidia
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://helm.ngc.nvidia.com/nvidia

cluster/helm/gpu-operator/values.yml

@@ -1,9 +0,0 @@
-# https://helm.ngc.nvidia.com/nvidia
-driver:
-  enabled: false
-toolkit:
-  env:
-  - name: CONTAINERD_SOCKET
-    value: /run/k3s/containerd/containerd.sock
-  - name: CONTAINERD_CONFIG
-    value: /var/lib/rancher/k3s/agent/etc/containerd/config.toml

cluster/helm/longhorn/values.yml

@@ -1,11 +0,0 @@
-# https://charts.longhorn.io
-
-persistence:
-  defaultClass: true
-  reclaimPolicy: Retain
-ingress:
-  enabled: false
-service:
-  ui:
-    type: LoadBalancer
-    port: 85

cluster/helm/ollama/ollama-release.yml

@@ -0,0 +1,42 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: ollama
+  namespace: default
+spec:
+  interval: 24h
+  chart:
+    spec:
+      chart: ollama
+      version: "1.22.0"
+      sourceRef:
+        kind: HelmRepository
+        name: ollama
+        namespace: flux-system
+      interval: 24h
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    ollama:
+      gpu:
+        enabled: true
+        type: nvidia
+      models:
+        pull:
+          - gemma3:4b
+        run:
+          - gemma3:4b
+    nodeSelector:
+      type: immich
+    service:
+      type: LoadBalancer
+      port: 3210
+    runtimeClassName: nvidia
+    persistentVolume:
+      enabled: true
+      existingClaim: ollama-pvc

cluster/helm/ollama/ollama-repo.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: ollama
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://otwld.github.io/ollama-helm/

cluster/helm/ollama/values.yml

@@ -1,20 +0,0 @@
-# https://otwld.github.io/ollama-helm/
-
-ollama:
-  gpu:
-    enabled: true
-    type: nvidia
-  models:
-    pull:
-      - gemma3:4b
-    run:
-      - gemma3:4b
-nodeSelector:
-  gpu: nvidia
-service:
-  type: LoadBalancer
-  port: 3210
-runtimeClassName: nvidia
-persistentVolume:
-  enabled: true
-  existingClaim: ollama-pvc

cluster/helm/sealed-secrets/sealed-secrets-release.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: sealed-secrets
+  namespace: flux-system
+spec:
+  chart:
+    spec:
+      chart: sealed-secrets
+      reconcileStrategy: ChartVersion
+      sourceRef:
+        kind: HelmRepository
+        name: sealed-secrets
+      version: '>=1.15.0-0'
+  install:
+    crds: Create
+  interval: 24h
+  releaseName: sealed-secrets
+  targetNamespace: flux-system
+  upgrade:
+    crds: CreateReplace
+  values:
+    service:
+      type: LoadBalancer
+      nodePort: 30081
+    networkPolicy:
+      enabled: true

cluster/helm/sealed-secrets/sealed-secrets-repo.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: sealed-secrets
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://bitnami-labs.github.io/sealed-secrets

cluster/helm/sealed-secrets/values.yml

@@ -1,7 +0,0 @@
-# https://bitnami-labs.github.io/sealed-secrets
-
-service:
-  type: NodePort
-  nodePort: 30081
-networkPolicy:
-  enabled: true

disabled/helm/longhorn/longhorn-release.yml

@@ -0,0 +1,32 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: longhorn
+  namespace: longhorn-system
+spec:
+  interval: 24h
+  chart:
+    spec:
+      chart: longhorn
+      version: "1.9.0"
+      sourceRef:
+        kind: HelmRepository
+        name: longhorn
+        namespace: flux-system
+      interval: 24h
+  install:
+    createNamespace: true
+  upgrade:
+    remediation:
+      remediateLastFailure: true
+  values:
+    persistence:
+      defaultClass: true
+      reclaimPolicy: Retain
+    ingress:
+      enabled: false
+    service:
+      ui:
+        type: LoadBalancer
+        port: 85

disabled/helm/longhorn/longhorn-repo.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: longhorn
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://charts.longhorn.io

disabled/helm/portainer/portainer-release.yml

@@ -0,0 +1,33 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: portainer
+  namespace: default
+spec:
+  interval: 24h
+  chart:
+    spec:
+      chart: portainer
+      version: "1.0.69"
+      sourceRef:
+        kind: HelmRepository
+        name: portainer
+        namespace: flux-system
+      interval: 24h
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    service:
+      type: LoadBalancer
+      httpPort: 9000
+    persistence:
+      enabled: true
+      storageClass: longhorn-static
+      accessModes:
+        - ReadWriteMany
+      size: 500Mi

disabled/helm/portainer/portainer-repo.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: portainer
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://portainer.github.io/k8s/

disabled/helm/portainer/values.yml

@@ -1,11 +0,0 @@
-# https://portainer.github.io/k8s/
-
-service:
-  type: LoadBalancer
-  httpPort: 9000
-persistence:
-  enabled: true
-  storageClass: longhorn-static
-  accessModes:
-    - ReadWriteMany
-  size: 500Mi

disabled/helm/rancher/rancher-release.yml

@@ -0,0 +1,32 @@
+---
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: rancher-stable
+  namespace: cattle-system
+spec:
+  interval: 24h
+  chart:
+    spec:
+      chart: rancher
+      version: "2.11.3"
+      sourceRef:
+        kind: HelmRepository
+        name: rancher-stable
+        namespace: flux-system
+      interval: 24h
+  install:
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    hostname: rancher.akshun-lab.uk
+    service:
+      type: LoadBalancer
+  valuesFrom:
+  - kind: Secret
+    name: rancher-bootstrap-secret
+    valuesKey: bootstrapPassword
+    targetPath: bootstrapPassword

disabled/helm/rancher/rancher-repo.yml

@@ -0,0 +1,9 @@
+---
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: rancher-stable
+  namespace: flux-system
+spec:
+  interval: 24h
+  url: https://releases.rancher.com/server-charts/latest

disabled/helm/rancher/values.yml

@@ -1,10 +0,0 @@
-# https://releases.rancher.com/server-charts/latest
-
-hostname: rancher.akshun-lab.uk
-service:
-  type: LoadBalancer
-valuesFrom:
-  - kind: Secret
-    name: rancher-bootstrap-secret
-    valuesKey: bootstrapPassword
-    targetPath: bootstrapPassword