chore: cleanup apps and add more

Signed-off-by: Michael Fornaro <20387402+xUnholy@users.noreply.github.com>

.github/renovate/groups.json5

@@ -20,6 +20,16 @@
         "commitMessageTopic": "{{{groupName}}} group"
       },
       "separateMinorPatch": true
+    },
+    {
+      "description": "Istio Group",
+      "groupName": "istio",
+      "matchDatasources": ["helm"],
+      "matchPackagePatterns": ["gateway", "istio-base", "istio-cni", "istiod"],
+      "group": {
+        "commitMessageTopic": "{{{groupName}}} group"
+      },
+      "separateMinorPatch": true
     }
   ]
 }

.github/workflows/schemas.yaml

@@ -0,0 +1,70 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+name: "Publish Kubernetes Schemas"
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: "0 0 * * 0"
+  push:
+    branches:
+      - "main"
+    paths:
+      - ".github/workflows/schemas.yaml"
+
+env:
+  OCI_REPO: "oci://ghcr.io/xunholy/kubernetes-schemas/${{ github.event.repository.name }}"
+
+jobs:
+  publish:
+    name: Schemas
+    runs-on: ["gha-runner-scale-set"]
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          token: "${{ steps.app-token.outputs.token }}"
+
+      - name: Generate Token
+        uses: actions/create-github-app-token@c1a285145b9d317df6ced56c09f525b5c2b6f755 # v1
+        id: app-token
+        with:
+          app-id: "${{ secrets.BOT_APP_ID }}"
+          private-key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"
+
+      - name: Setup Homebrew
+        uses: Homebrew/actions/setup-homebrew@master
+
+      - name: Setup Workflow Tools
+        run: brew install kubectl uv
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.13.x
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22.x
+
+      - name: Install Python Dependencies
+        run: uv pip install pyyaml
+
+      - name: Download and run crd-extractor
+        run: |
+          curl -fsSL -o $GITHUB_WORKSPACE/crd-extractor.sh \
+              https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/Utilities/crd-extractor.sh
+          chmod +x $GITHUB_WORKSPACE/crd-extractor.sh
+          bash $GITHUB_WORKSPACE/crd-extractor.sh
+
+      - name: Deploy to Cloudflare Pages
+        uses: cloudflare/wrangler-action@v3
+        with:
+          apiToken: "${{ secrets.CLOUDFLARE_API_TOKEN }}"
+          accountId: "${{ secrets.CLOUDFLARE_ACCOUNT_ID }}"
+          workingDirectory: /home/runner/.datree/crdSchemas
+          command: pages deploy --project-name=kubernetes-schemas --branch main .

README.md

@@ -1,10 +1,8 @@
 <div align="center">
 
-<img src="./docs/assets/raspbernetes.png" alt="Raspbernetes">
+<img src="./docs/assets/banner.png" alt="Raspbernetes">
 
-## Raspbernetes
-
-My _Personal_ Kubernetes GitOps Repository
+My _Personal_ Homelab Repository
 
 _... managed with Flux, Renovate and GitHub Actions_
 
@@ -103,7 +101,7 @@ task cluster CLUSTER_NAME=cluster-0
 | [Protectli VP2410 ](https://protectli.com/product/vp2410/)                             | Kubernetes Control Plane | 3        | 4 Cores | 8GB RAM  | AMD64        | [Talos Linux](https://www.talos.dev/) |       |
 | [Protectli FW2B](https://protectli.com/product/fw2b/)                                  | Kubernetes Node(s)       | 3        | 2 Cores | 8GB RAM  | AMD64        | [Talos Linux](https://www.talos.dev/) |       |
 | [Raspberry Pi 4 Model B](https://www.raspberrypi.org/products/raspberry-pi-4-model-b/) | Kubernetes Node(s)       | 4        | 4 Cores | 8GB RAM  | ARM64        | [Talos Linux](https://www.talos.dev/) |       |
-| [Rock Pi 4 Model C](https://rockpi.org/rockpi4#)                                       | Kubernetes Node(s)       | 6        | 4 Cores | 4GB RAM  | ARM64        | [Talos Linux](https://www.talos.dev/) |       |
+| [Rock Pi 4 Model C](https://rockpi.org/rockpi4#)                                       | Kubernetes Node(s)       | 6        | 4 Cores | 4GB RAM  | ARM64        | [Talos Linux](https://www.talos.dev/) |  Decommisioned   |
 
 ## ☁️ Cloud Services
 
@@ -159,11 +157,11 @@ This repository is automatically managed by [Renovate](https://renovatebot.com/)
 
 ## 🤝 Acknowledgments
 
-A special thank you to everyone in the Kubernetes @Home Discord community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic.
+A special thank you to everyone in the [Home Operation Discord](https://discord.com/invite/home-operations) community for their valuable contributions and time. Much of the inspiration for my cluster comes from fellow enthusiasts who have shared their own clusters under the k8s-at-home GitHub topic.
 
 Also I extend heartfelt thanks to all CNCF contributors for their dedication and expertise, as their collective efforts have been vital in driving innovation and success within the cloud-native ecosystem.
 
-For more ideas on deploying applications or discovering new possibilities, be sure to explore the [Kubernetes @Home search](https://nanne.dev/k8s-at-home-search/) search.
+For more ideas on deploying applications or discovering new possibilities, be sure to explore the [kubesearch.dev](https://kubesearch.dev/) search.
 
 ## 👥 Contributing
 

kubernetes/namespaces/base/actions-runner-system/gha-runner-scale-set/app/helmrelease.yaml

@@ -45,6 +45,7 @@ spec:
       namespace: actions-runner-system
   values:
     nameOverride: gha-runner-scale-set
+    runnerScaleSetName: gha-runner-scale-set
     githubConfigSecret: github-app-secret
     githubConfigUrl: https://github.com/xunholy/k8s-gitops
     maxRunners: 3

kubernetes/namespaces/base/flux-system/addons/notifications/github/alerts.yaml

@@ -11,4 +11,4 @@ spec:
   eventSeverity: info
   eventSources:
     - kind: Kustomization
-      name: 'flux-system'
+      name: '*'

kubernetes/namespaces/base/home-system/jellyseerr/app/helmrelease.yaml

@@ -0,0 +1,109 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.pages.dev/helm.toolkit.fluxcd.io/helmrelease_v2beta2.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: jellyseerr
+  namespace: home-system
+spec:
+  interval: 5m
+  chart:
+    spec:
+      version: 3.6.0
+      chart: app-template
+      sourceRef:
+        kind: HelmRepository
+        name: bjw-charts
+        namespace: flux-system
+      interval: 5m
+  install:
+    timeout: 10m
+    replace: true
+    crds: CreateReplace
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      remediateLastFailure: true
+      retries: 3
+      strategy: rollback
+    cleanupOnFail: true
+    crds: CreateReplace
+  test:
+    enable: true
+  rollback:
+    recreate: true
+    force: true
+    cleanupOnFail: true
+  uninstall:
+    keepHistory: false
+  driftDetection:
+    mode: enabled
+  maxHistory: 3
+  values:
+    controllers:
+      jellyseerr:
+        containers:
+          app:
+            image:
+              repository: docker.io/fallenbagel/jellyseerr
+              tag: 2.2.3@sha256:a324fa4d81cce73116801bee3c50b632f3457c0ca0ad31aa692c640e22f50dea
+            env:
+              TZ: Australia/Melbourne
+              LOG_LEVEL: "info"
+              PORT: &port 80
+            envFrom:
+              - secretRef:
+                  name: jellyseerr-secret
+            probes:
+              liveness: &probes
+                enabled: true
+                custom: true
+                spec:
+                  httpGet:
+                    path: /api/v1/status
+                    port: *port
+                  initialDelaySeconds: 0
+                  periodSeconds: 10
+                  timeoutSeconds: 1
+                  failureThreshold: 3
+              readiness: *probes
+            securityContext:
+              allowPrivilegeEscalation: false
+              readOnlyRootFilesystem: true
+              capabilities: { drop: ["ALL"] }
+            resources:
+              requests:
+                cpu: 10m
+              limits:
+                memory: 2Gi
+    defaultPodOptions:
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        fsGroupChangePolicy: OnRootMismatch
+        seccompProfile: { type: RuntimeDefault }
+    service:
+      app:
+        controller: jellyseerr
+        ports:
+          http:
+            port: *port
+    persistence:
+      config:
+        existingClaim: jellyseerr
+        globalMounts:
+          - path: /app/config
+      cache:
+        existingClaim: jellyseerr-cache
+        globalMounts:
+          - path: /app/config/cache
+      logs:
+        type: emptyDir
+        globalMounts:
+          - path: /app/config/logs
+      tmp:
+        type: emptyDir

kubernetes/namespaces/base/home-system/jellyseerr/app/pvc.yaml

@@ -0,0 +1,12 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jellyseerr-cache
+spec:
+  accessModes: ["ReadWriteOnce"]
+  resources:
+    requests:
+      storage: 15Gi
+  # TODO: Update once storage class is created
+  # storageClassName: ceph-block

kubernetes/namespaces/base/home-system/overseerr/app/virtualservice.yaml → kubernetes/namespaces/base/home-system/jellyseerr/app/virtualservice.yaml

@@ -18,5 +18,5 @@ spec:
         - destination:
             port:
               number: 80
-            host: overseerr.home-system.svc.cluster.local
+            host: jellyseerr.home-system.svc.cluster.local
           weight: 100