titan-iac/knowledge/catalog/atlas.yaml

# knowledge/catalog/atlas.yaml
# Generated by scripts/knowledge_render_atlas.py (do not edit by hand)
cluster: atlas
sources:
- name: ai-llm
  path: services/ai-llm
  targetNamespace: ai
- name: bstein-dev-home
  path: services/bstein-dev-home
  targetNamespace: bstein-dev-home
- name: bstein-dev-home-migrations
  path: services/bstein-dev-home/migrations
  targetNamespace: bstein-dev-home
- name: cert-manager
  path: infrastructure/cert-manager
  targetNamespace: cert-manager
- name: cert-manager-cleanup
  path: infrastructure/cert-manager/cleanup
  targetNamespace: cert-manager
- name: comms
  path: services/comms
  targetNamespace: comms
- name: core
  path: infrastructure/core
  targetNamespace: null
- name: crypto
  path: services/crypto
  targetNamespace: crypto
- name: finance
  path: services/finance
  targetNamespace: finance
- name: flux-system
  path: clusters/atlas/flux-system
  targetNamespace: null
- name: gitea
  path: services/gitea
  targetNamespace: gitea
- name: gitops-ui
  path: services/gitops-ui
  targetNamespace: flux-system
- name: harbor
  path: services/harbor
  targetNamespace: harbor
- name: health
  path: services/health
  targetNamespace: health
- name: helm
  path: infrastructure/sources/helm
  targetNamespace: flux-system
- name: jellyfin
  path: services/jellyfin
  targetNamespace: jellyfin
- name: jenkins
  path: services/jenkins
  targetNamespace: jenkins
- name: keycloak
  path: services/keycloak
  targetNamespace: sso
- name: logging
  path: services/logging
  targetNamespace: null
- name: longhorn
  path: infrastructure/longhorn/core
  targetNamespace: longhorn-system
- name: longhorn-adopt
  path: infrastructure/longhorn/adopt
  targetNamespace: longhorn-system
- name: longhorn-ui
  path: infrastructure/longhorn/ui-ingress
  targetNamespace: longhorn-system
- name: mailu
  path: services/mailu
  targetNamespace: mailu-mailserver
- name: maintenance
  path: services/maintenance
  targetNamespace: null
- name: metallb
  path: infrastructure/metallb
  targetNamespace: metallb-system
- name: monerod
  path: services/crypto/monerod
  targetNamespace: crypto
- name: monitoring
  path: services/monitoring
  targetNamespace: null
- name: nextcloud
  path: services/nextcloud
  targetNamespace: nextcloud
- name: nextcloud-mail-sync
  path: services/nextcloud-mail-sync
  targetNamespace: nextcloud
- name: oauth2-proxy
  path: services/oauth2-proxy
  targetNamespace: sso
- name: openldap
  path: services/openldap
  targetNamespace: sso
- name: outline
  path: services/outline
  targetNamespace: outline
- name: pegasus
  path: services/pegasus
  targetNamespace: jellyfin
- name: planka
  path: services/planka
  targetNamespace: planka
- name: postgres
  path: infrastructure/postgres
  targetNamespace: postgres
- name: sui-metrics
  path: services/sui-metrics/overlays/atlas
  targetNamespace: sui-metrics
- name: traefik
  path: infrastructure/traefik
  targetNamespace: traefik
- name: vault
  path: services/vault
  targetNamespace: vault
- name: vault-csi
  path: infrastructure/vault-csi
  targetNamespace: kube-system
- name: vault-injector
  path: infrastructure/vault-injector
  targetNamespace: vault
- name: vaultwarden
  path: services/vaultwarden
  targetNamespace: vaultwarden
- name: wallet-monero-temp
  path: services/crypto/wallet-monero-temp
  targetNamespace: crypto
- name: xmr-miner
  path: services/crypto/xmr-miner
  targetNamespace: crypto
workloads:
- kind: Deployment
  namespace: ai
  name: ollama
  labels:
    app: ollama
  serviceAccountName: null
  nodeSelector: {}
  images:
  - ollama/ollama@sha256:2c9595c555fd70a28363489ac03bd5bf9e7c5bdf2890373c3a830ffd7252ce6d
- kind: Deployment
  namespace: bstein-dev-home
  name: bstein-dev-home-backend
  labels:
    app: bstein-dev-home-backend
  serviceAccountName: bstein-dev-home
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - registry.bstein.dev/bstein/bstein-dev-home-backend:0.1.1-157
- kind: Deployment
  namespace: bstein-dev-home
  name: bstein-dev-home-frontend
  labels:
    app: bstein-dev-home-frontend
  serviceAccountName: null
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - registry.bstein.dev/bstein/bstein-dev-home-frontend:0.1.1-157
- kind: Deployment
  namespace: bstein-dev-home
  name: bstein-dev-home-vault-sync
  labels:
    app: bstein-dev-home-vault-sync
  serviceAccountName: bstein-dev-home-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: Deployment
  namespace: bstein-dev-home
  name: chat-ai-gateway
  labels:
    app: chat-ai-gateway
  serviceAccountName: bstein-dev-home
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - python:3.11-slim
- kind: Deployment
  namespace: comms
  name: atlasbot
  labels:
    app: atlasbot
  serviceAccountName: atlasbot
  nodeSelector:
    hardware: rpi5
  images:
  - python:3.11-slim
- kind: Deployment
  namespace: comms
  name: comms-vault-sync
  labels:
    app: comms-vault-sync
  serviceAccountName: comms-vault
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: Deployment
  namespace: comms
  name: coturn
  labels:
    app: coturn
  serviceAccountName: comms-vault
  nodeSelector:
    hardware: rpi5
  images:
  - ghcr.io/coturn/coturn:4.6.2
- kind: Deployment
  namespace: comms
  name: element-call
  labels:
    app: element-call
  serviceAccountName: null
  nodeSelector:
    hardware: rpi5
  images:
  - ghcr.io/element-hq/element-call@sha256:e6897c7818331714eae19d83ef8ea94a8b41115f0d8d3f62c2fed2d02c65c9bc
- kind: Deployment
  namespace: comms
  name: livekit
  labels:
    app: livekit
  serviceAccountName: comms-vault
  nodeSelector:
    hardware: rpi5
  images:
  - livekit/livekit-server:v1.9.0
- kind: Deployment
  namespace: comms
  name: livekit-token-service
  labels:
    app: livekit-token-service
  serviceAccountName: comms-vault
  nodeSelector:
    hardware: rpi5
  images:
  - registry.bstein.dev/tools/lk-jwt-service-vault:0.3.0
- kind: Deployment
  namespace: comms
  name: matrix-authentication-service
  labels:
    app: matrix-authentication-service
  serviceAccountName: comms-vault
  nodeSelector:
    hardware: rpi5
  images:
  - ghcr.io/element-hq/matrix-authentication-service:1.8.0
- kind: Deployment
  namespace: comms
  name: matrix-guest-register
  labels:
    app.kubernetes.io/name: matrix-guest-register
  serviceAccountName: comms-vault
  nodeSelector: {}
  images:
  - python:3.11-slim
- kind: Deployment
  namespace: comms
  name: matrix-wellknown
  labels:
    app: matrix-wellknown
  serviceAccountName: null
  nodeSelector: {}
  images:
  - nginx:1.27-alpine
- kind: DaemonSet
  namespace: crypto
  name: monero-xmrig
  labels:
    app: monero-xmrig
  serviceAccountName: null
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - ghcr.io/tari-project/xmrig@sha256:80defbfd0b640d604c91cb5101d3642db7928e1e68ee3c6b011289b3565a39d9
- kind: Deployment
  namespace: crypto
  name: crypto-vault-sync
  labels:
    app: crypto-vault-sync
  serviceAccountName: crypto-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: Deployment
  namespace: crypto
  name: monero-p2pool
  labels:
    app: monero-p2pool
  serviceAccountName: crypto-vault-sync
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - debian:bookworm-slim
- kind: Deployment
  namespace: crypto
  name: monerod
  labels:
    app: monerod
  serviceAccountName: null
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - registry.bstein.dev/crypto/monerod:0.18.4.1
- kind: Deployment
  namespace: crypto
  name: wallet-monero-temp
  labels:
    app: wallet-monero-temp
  serviceAccountName: crypto-vault-sync
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - registry.bstein.dev/crypto/monero-wallet-rpc:0.18.4.1
- kind: Deployment
  namespace: finance
  name: actual-budget
  labels:
    app: actual-budget
  serviceAccountName: finance-vault
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - actualbudget/actual-server:26.1.0-alpine@sha256:34aae5813fdfee12af2a50c4d0667df68029f1d61b90f45f282473273eb70d0d
- kind: Deployment
  namespace: finance
  name: firefly
  labels:
    app: firefly
  serviceAccountName: finance-vault
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - fireflyiii/core:version-6.4.15
- kind: Deployment
  namespace: flux-system
  name: helm-controller
  labels:
    app: helm-controller
    app.kubernetes.io/component: helm-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: v2.7.5
  serviceAccountName: helm-controller
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - ghcr.io/fluxcd/helm-controller:v1.4.5
- kind: Deployment
  namespace: flux-system
  name: image-automation-controller
  labels:
    app: image-automation-controller
    app.kubernetes.io/component: image-automation-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: v2.7.5
  serviceAccountName: image-automation-controller
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - ghcr.io/fluxcd/image-automation-controller:v1.0.4
- kind: Deployment
  namespace: flux-system
  name: image-reflector-controller
  labels:
    app: image-reflector-controller
    app.kubernetes.io/component: image-reflector-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: v2.7.5
  serviceAccountName: image-reflector-controller
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - ghcr.io/fluxcd/image-reflector-controller:v1.0.4
- kind: Deployment
  namespace: flux-system
  name: kustomize-controller
  labels:
    app: kustomize-controller
    app.kubernetes.io/component: kustomize-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: v2.7.5
  serviceAccountName: kustomize-controller
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - ghcr.io/fluxcd/kustomize-controller:v1.7.3
- kind: Deployment
  namespace: flux-system
  name: notification-controller
  labels:
    app: notification-controller
    app.kubernetes.io/component: notification-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: v2.7.5
  serviceAccountName: notification-controller
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - ghcr.io/fluxcd/notification-controller:v1.7.5
- kind: Deployment
  namespace: flux-system
  name: source-controller
  labels:
    app: source-controller
    app.kubernetes.io/component: source-controller
    app.kubernetes.io/instance: flux-system
    app.kubernetes.io/part-of: flux
    app.kubernetes.io/version: v2.7.5
  serviceAccountName: source-controller
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - ghcr.io/fluxcd/source-controller:v1.7.4
- kind: Deployment
  namespace: gitea
  name: gitea
  labels:
    app: gitea
  serviceAccountName: gitea-vault
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - gitea/gitea:1.23
- kind: Deployment
  namespace: harbor
  name: harbor-vault-sync
  labels:
    app: harbor-vault-sync
  serviceAccountName: harbor-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: Deployment
  namespace: health
  name: wger
  labels:
    app: wger
  serviceAccountName: health-vault-sync
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - nginx:1.27.5-alpine@sha256:65645c7bb6a0661892a8b03b89d0743208a18dd2f3f17a54ef4b76fb8e2f2a10
  - wger/server@sha256:710588b78af4e0aa0b4d8a8061e4563e16eae80eeaccfe7f9e0d9cbdd7f0cbc5
- kind: Deployment
  namespace: jellyfin
  name: jellyfin
  labels:
    app: jellyfin
  serviceAccountName: pegasus-vault-sync
  nodeSelector: {}
  images:
  - docker.io/jellyfin/jellyfin:10.11.5
- kind: Deployment
  namespace: jellyfin
  name: pegasus
  labels:
    app: pegasus
  serviceAccountName: pegasus-vault-sync
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - alpine:3.20
  - registry.bstein.dev/streaming/pegasus-vault:1.2.32
- kind: Deployment
  namespace: jellyfin
  name: pegasus-vault-sync
  labels:
    app: pegasus-vault-sync
  serviceAccountName: pegasus-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: Deployment
  namespace: jenkins
  name: jenkins
  labels:
    app: jenkins
  serviceAccountName: jenkins
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - jenkins/jenkins:2.528.3-jdk21
- kind: Deployment
  namespace: jenkins
  name: jenkins-vault-sync
  labels:
    app: jenkins-vault-sync
  serviceAccountName: jenkins-vault-sync
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - alpine:3.20
- kind: DaemonSet
  namespace: kube-system
  name: ntp-sync
  labels:
    app: ntp-sync
  serviceAccountName: null
  nodeSelector: {}
  images:
  - public.ecr.aws/docker/library/busybox:1.36.1
- kind: DaemonSet
  namespace: kube-system
  name: nvidia-device-plugin-jetson
  labels:
    app.kubernetes.io/instance: jetson
    app.kubernetes.io/name: nvidia-device-plugin
  serviceAccountName: null
  nodeSelector:
    jetson: 'true'
    kubernetes.io/arch: arm64
  images:
  - nvcr.io/nvidia/k8s-device-plugin:v0.16.2
- kind: DaemonSet
  namespace: kube-system
  name: nvidia-device-plugin-minipc
  labels:
    app.kubernetes.io/instance: titan22
    app.kubernetes.io/name: nvidia-device-plugin
  serviceAccountName: null
  nodeSelector:
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: titan-22
  images:
  - nvcr.io/nvidia/k8s-device-plugin:v0.16.2
- kind: DaemonSet
  namespace: kube-system
  name: nvidia-device-plugin-tethys
  labels:
    app.kubernetes.io/instance: titan24
    app.kubernetes.io/name: nvidia-device-plugin
  serviceAccountName: null
  nodeSelector:
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: titan-24
  images:
  - nvcr.io/nvidia/k8s-device-plugin:v0.16.2
- kind: DaemonSet
  namespace: kube-system
  name: vault-csi-provider
  labels:
    app.kubernetes.io/name: vault-csi-provider
  serviceAccountName: vault-csi-provider
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - hashicorp/vault-csi-provider:1.7.0
- kind: Deployment
  namespace: kube-system
  name: coredns
  labels:
    k8s-app: kube-dns
  serviceAccountName: coredns
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - registry.bstein.dev/infra/coredns:1.12.1
- kind: DaemonSet
  namespace: logging
  name: node-image-gc-rpi4
  labels:
    app: node-image-gc-rpi4
  serviceAccountName: node-image-gc-rpi4
  nodeSelector:
    hardware: rpi4
  images:
  - bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
- kind: DaemonSet
  namespace: logging
  name: node-image-prune-rpi5
  labels:
    app: node-image-prune-rpi5
  serviceAccountName: node-image-prune-rpi5
  nodeSelector:
    hardware: rpi5
  images:
  - bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
- kind: DaemonSet
  namespace: logging
  name: node-log-rotation
  labels:
    app: node-log-rotation
  serviceAccountName: node-log-rotation
  nodeSelector:
    hardware: rpi5
  images:
  - bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
- kind: Deployment
  namespace: logging
  name: logging-vault-sync
  labels:
    app: logging-vault-sync
  serviceAccountName: logging-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: Deployment
  namespace: logging
  name: oauth2-proxy-logs
  labels:
    app: oauth2-proxy-logs
  serviceAccountName: logging-vault-sync
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - registry.bstein.dev/tools/oauth2-proxy-vault:v7.6.0
- kind: Deployment
  namespace: longhorn-system
  name: longhorn-vault-sync
  labels:
    app: longhorn-vault-sync
  serviceAccountName: longhorn-vault-sync
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - alpine:3.20
- kind: Deployment
  namespace: longhorn-system
  name: oauth2-proxy-longhorn
  labels:
    app: oauth2-proxy-longhorn
  serviceAccountName: longhorn-vault
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - quay.io/oauth2-proxy/oauth2-proxy:v7.6.0
- kind: DaemonSet
  namespace: mailu-mailserver
  name: vip-controller
  labels:
    app: vip-controller
  serviceAccountName: vip-controller
  nodeSelector:
    mailu.bstein.dev/vip: 'true'
  images:
  - registry.bstein.dev/bstein/kubectl:1.35.0
- kind: Deployment
  namespace: mailu-mailserver
  name: mailu-vault-sync
  labels:
    app: mailu-vault-sync
  serviceAccountName: mailu-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: DaemonSet
  namespace: maintenance
  name: disable-k3s-traefik
  labels:
    app: disable-k3s-traefik
  serviceAccountName: disable-k3s-traefik
  nodeSelector:
    node-role.kubernetes.io/control-plane: 'true'
  images:
  - bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
- kind: DaemonSet
  namespace: maintenance
  name: k3s-agent-restart
  labels:
    app: k3s-agent-restart
  serviceAccountName: node-nofile
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
- kind: DaemonSet
  namespace: maintenance
  name: node-image-sweeper
  labels:
    app: node-image-sweeper
  serviceAccountName: node-image-sweeper
  nodeSelector:
    kubernetes.io/os: linux
  images:
  - python:3.12.9-alpine3.20
- kind: DaemonSet
  namespace: maintenance
  name: node-nofile
  labels:
    app: node-nofile
  serviceAccountName: node-nofile
  nodeSelector: {}
  images:
  - bitnami/kubectl@sha256:554ab88b1858e8424c55de37ad417b16f2a0e65d1607aa0f3fe3ce9b9f10b131
- kind: Deployment
  namespace: maintenance
  name: ariadne
  labels:
    app: ariadne
  serviceAccountName: ariadne
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - registry.bstein.dev/bstein/ariadne:0.1.0-49
- kind: Deployment
  namespace: maintenance
  name: maintenance-vault-sync
  labels:
    app: maintenance-vault-sync
  serviceAccountName: maintenance-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: DaemonSet
  namespace: monitoring
  name: dcgm-exporter
  labels:
    app: dcgm-exporter
  serviceAccountName: default
  nodeSelector: {}
  images:
  - registry.bstein.dev/monitoring/dcgm-exporter:4.4.2-4.7.0-ubuntu22.04
- kind: DaemonSet
  namespace: monitoring
  name: jetson-tegrastats-exporter
  labels:
    app: jetson-tegrastats-exporter
  serviceAccountName: default
  nodeSelector:
    jetson: 'true'
  images:
  - python:3.10-slim
- kind: Deployment
  namespace: monitoring
  name: monitoring-vault-sync
  labels:
    app: monitoring-vault-sync
  serviceAccountName: monitoring-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: Deployment
  namespace: monitoring
  name: postmark-exporter
  labels:
    app: postmark-exporter
  serviceAccountName: monitoring-vault-sync
  nodeSelector: {}
  images:
  - python:3.12-alpine
- kind: Deployment
  namespace: nextcloud
  name: collabora
  labels:
    app: collabora
  serviceAccountName: null
  nodeSelector:
    hardware: rpi5
  images:
  - collabora/code@sha256:3c58d0e9bae75e4647467d0c7d91cb66f261d3e814709aed590b5c334a04db26
- kind: Deployment
  namespace: nextcloud
  name: nextcloud
  labels:
    app: nextcloud
  serviceAccountName: nextcloud-vault
  nodeSelector:
    hardware: rpi5
  images:
  - nextcloud:29-apache
- kind: Deployment
  namespace: outline
  name: outline
  labels:
    app: outline
  serviceAccountName: outline-vault
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - outlinewiki/outline:1.2.0
- kind: Deployment
  namespace: outline
  name: outline-redis
  labels:
    app: outline-redis
  serviceAccountName: null
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - redis:7.4.1-alpine
- kind: Deployment
  namespace: planka
  name: planka
  labels:
    app: planka
  serviceAccountName: planka-vault
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - ghcr.io/plankanban/planka:2.0.0-rc.4
- kind: StatefulSet
  namespace: postgres
  name: postgres
  labels:
    app: postgres
  serviceAccountName: postgres-vault
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - postgres:15
  - quay.io/prometheuscommunity/postgres-exporter:v0.15.0
- kind: Deployment
  namespace: sso
  name: keycloak
  labels:
    app: keycloak
  serviceAccountName: sso-vault
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - quay.io/keycloak/keycloak:26.0.7
- kind: Deployment
  namespace: sso
  name: oauth2-proxy
  labels:
    app: oauth2-proxy
  serviceAccountName: sso-vault
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - registry.bstein.dev/tools/oauth2-proxy-vault:v7.6.0
- kind: Deployment
  namespace: sso
  name: sso-vault-sync
  labels:
    app: sso-vault-sync
  serviceAccountName: sso-vault-sync
  nodeSelector: {}
  images:
  - alpine:3.20
- kind: StatefulSet
  namespace: sso
  name: openldap
  labels:
    app: openldap
  serviceAccountName: sso-vault
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - docker.io/osixia/openldap:1.5.0
- kind: Deployment
  namespace: sui-metrics
  name: sui-metrics
  labels:
    app: sui-metrics
  serviceAccountName: sui-metrics
  nodeSelector:
    hardware: rpi5
  images:
  - victoriametrics/vmagent:v1.103.0
- kind: Deployment
  namespace: traefik
  name: traefik
  labels:
    app: traefik
    app.kubernetes.io/instance: traefik-kube-system
    app.kubernetes.io/name: traefik
  serviceAccountName: traefik-ingress-controller
  nodeSelector:
    node-role.kubernetes.io/worker: 'true'
  images:
  - traefik:v3.3.3
- kind: StatefulSet
  namespace: vault
  name: vault
  labels:
    app: vault
  serviceAccountName: vault
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - hashicorp/vault:1.17.6
- kind: Deployment
  namespace: vaultwarden
  name: vaultwarden
  labels:
    app: vaultwarden
  serviceAccountName: vaultwarden-vault
  nodeSelector:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: 'true'
  images:
  - vaultwarden/server:1.35.2
services:
- namespace: ai
  name: ollama
  type: ClusterIP
  selector:
    app: ollama
  ports:
  - name: http
    port: 11434
    targetPort: 11434
    protocol: TCP
- namespace: bstein-dev-home
  name: bstein-dev-home-backend
  type: ClusterIP
  selector:
    app: bstein-dev-home-backend
  ports:
  - name: http
    port: 80
    targetPort: 8080
    protocol: TCP
- namespace: bstein-dev-home
  name: bstein-dev-home-frontend
  type: ClusterIP
  selector:
    app: bstein-dev-home-frontend
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
- namespace: bstein-dev-home
  name: chat-ai-gateway
  type: ClusterIP
  selector:
    app: chat-ai-gateway
  ports:
  - name: http
    port: 80
    targetPort: 8080
    protocol: TCP
- namespace: comms
  name: coturn
  type: LoadBalancer
  selector:
    app: coturn
  ports:
  - name: turn-udp
    port: 3478
    targetPort: 3478
    protocol: UDP
  - name: turn-tcp
    port: 3478
    targetPort: 3478
    protocol: TCP
  - name: turn-tls
    port: 5349
    targetPort: 5349
    protocol: TCP
  - name: relay-50000
    port: 50000
    targetPort: 50000
    protocol: UDP
  - name: relay-50001
    port: 50001
    targetPort: 50001
    protocol: UDP
  - name: relay-50002
    port: 50002
    targetPort: 50002
    protocol: UDP
  - name: relay-50003
    port: 50003
    targetPort: 50003
    protocol: UDP
  - name: relay-50004
    port: 50004
    targetPort: 50004
    protocol: UDP
  - name: relay-50005
    port: 50005
    targetPort: 50005
    protocol: UDP
  - name: relay-50006
    port: 50006
    targetPort: 50006
    protocol: UDP
  - name: relay-50007
    port: 50007
    targetPort: 50007
    protocol: UDP
  - name: relay-50008
    port: 50008
    targetPort: 50008
    protocol: UDP
  - name: relay-50009
    port: 50009
    targetPort: 50009
    protocol: UDP
  - name: relay-50010
    port: 50010
    targetPort: 50010
    protocol: UDP
  - name: relay-50011
    port: 50011
    targetPort: 50011
    protocol: UDP
  - name: relay-50012
    port: 50012
    targetPort: 50012
    protocol: UDP
  - name: relay-50013
    port: 50013
    targetPort: 50013
    protocol: UDP
  - name: relay-50014
    port: 50014
    targetPort: 50014
    protocol: UDP
  - name: relay-50015
    port: 50015
    targetPort: 50015
    protocol: UDP
  - name: relay-50016
    port: 50016
    targetPort: 50016
    protocol: UDP
  - name: relay-50017
    port: 50017
    targetPort: 50017
    protocol: UDP
  - name: relay-50018
    port: 50018
    targetPort: 50018
    protocol: UDP
  - name: relay-50019
    port: 50019
    targetPort: 50019
    protocol: UDP
  - name: relay-50020
    port: 50020
    targetPort: 50020
    protocol: UDP
  - name: relay-50021
    port: 50021
    targetPort: 50021
    protocol: UDP
  - name: relay-50022
    port: 50022
    targetPort: 50022
    protocol: UDP
  - name: relay-50023
    port: 50023
    targetPort: 50023
    protocol: UDP
  - name: relay-50024
    port: 50024
    targetPort: 50024
    protocol: UDP
  - name: relay-50025
    port: 50025
    targetPort: 50025
    protocol: UDP
  - name: relay-50026
    port: 50026
    targetPort: 50026
    protocol: UDP
  - name: relay-50027
    port: 50027
    targetPort: 50027
    protocol: UDP
  - name: relay-50028
    port: 50028
    targetPort: 50028
    protocol: UDP
  - name: relay-50029
    port: 50029
    targetPort: 50029
    protocol: UDP
  - name: relay-50030
    port: 50030
    targetPort: 50030
    protocol: UDP
  - name: relay-50031
    port: 50031
    targetPort: 50031
    protocol: UDP
  - name: relay-50032
    port: 50032
    targetPort: 50032
    protocol: UDP
  - name: relay-50033
    port: 50033
    targetPort: 50033
    protocol: UDP
  - name: relay-50034
    port: 50034
    targetPort: 50034
    protocol: UDP
  - name: relay-50035
    port: 50035
    targetPort: 50035
    protocol: UDP
  - name: relay-50036
    port: 50036
    targetPort: 50036
    protocol: UDP
  - name: relay-50037
    port: 50037
    targetPort: 50037
    protocol: UDP
  - name: relay-50038
    port: 50038
    targetPort: 50038
    protocol: UDP
  - name: relay-50039
    port: 50039
    targetPort: 50039
    protocol: UDP
  - name: relay-50040
    port: 50040
    targetPort: 50040
    protocol: UDP
  - name: relay-50041
    port: 50041
    targetPort: 50041
    protocol: UDP
  - name: relay-50042
    port: 50042
    targetPort: 50042
    protocol: UDP
  - name: relay-50043
    port: 50043
    targetPort: 50043
    protocol: UDP
  - name: relay-50044
    port: 50044
    targetPort: 50044
    protocol: UDP
  - name: relay-50045
    port: 50045
    targetPort: 50045
    protocol: UDP
  - name: relay-50046
    port: 50046
    targetPort: 50046
    protocol: UDP
  - name: relay-50047
    port: 50047
    targetPort: 50047
    protocol: UDP
  - name: relay-50048
    port: 50048
    targetPort: 50048
    protocol: UDP
  - name: relay-50049
    port: 50049
    targetPort: 50049
    protocol: UDP
  - name: relay-50050
    port: 50050
    targetPort: 50050
    protocol: UDP
- namespace: comms
  name: element-call
  type: ClusterIP
  selector:
    app: element-call
  ports:
  - name: http
    port: 80
    targetPort: 8080
    protocol: TCP
- namespace: comms
  name: livekit
  type: LoadBalancer
  selector:
    app: livekit
  ports:
  - name: http
    port: 7880
    targetPort: 7880
    protocol: TCP
  - name: rtc-tcp
    port: 7881
    targetPort: 7881
    protocol: TCP
  - name: rtc-udp-7882
    port: 7882
    targetPort: 7882
    protocol: UDP
  - name: rtc-udp-7883
    port: 7883
    targetPort: 7883
    protocol: UDP
- namespace: comms
  name: livekit-token-service
  type: ClusterIP
  selector:
    app: livekit-token-service
  ports:
  - name: http
    port: 8080
    targetPort: 8080
    protocol: TCP
- namespace: comms
  name: matrix-authentication-service
  type: ClusterIP
  selector:
    app: matrix-authentication-service
  ports:
  - name: http
    port: 8080
    targetPort: http
    protocol: TCP
  - name: internal
    port: 8081
    targetPort: internal
    protocol: TCP
- namespace: comms
  name: matrix-guest-register
  type: ClusterIP
  selector:
    app.kubernetes.io/name: matrix-guest-register
  ports:
  - name: http
    port: 8080
    targetPort: http
    protocol: TCP
- namespace: comms
  name: matrix-wellknown
  type: ClusterIP
  selector:
    app: matrix-wellknown
  ports:
  - name: http
    port: 80
    targetPort: 80
    protocol: TCP
- namespace: crypto
  name: monerod
  type: ClusterIP
  selector:
    app: monerod
  ports:
  - name: rpc
    port: 18081
    targetPort: 18081
    protocol: TCP
  - name: p2p
    port: 18080
    targetPort: 18080
    protocol: TCP
  - name: zmq
    port: 18083
    targetPort: 18083
    protocol: TCP
- namespace: crypto
  name: p2pool
  type: ClusterIP
  selector:
    app: p2pool
  ports:
  - name: stratum
    port: 3333
    targetPort: 3333
    protocol: TCP
- namespace: crypto
  name: wallet-monero-temp
  type: ClusterIP
  selector:
    app: wallet-monero-temp
  ports:
  - name: rpc
    port: 18083
    targetPort: 18083
    protocol: TCP
- namespace: finance
  name: actual-budget
  type: ClusterIP
  selector:
    app: actual-budget
  ports:
  - name: http
    port: 80
    targetPort: 5006
    protocol: TCP
- namespace: finance
  name: firefly
  type: ClusterIP
  selector:
    app: firefly
  ports:
  - name: http
    port: 80
    targetPort: 8080
    protocol: TCP
- namespace: flux-system
  name: notification-controller
  type: ClusterIP
  selector:
    app: notification-controller
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: flux-system
  name: source-controller
  type: ClusterIP
  selector:
    app: source-controller
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: flux-system
  name: webhook-receiver
  type: ClusterIP
  selector:
    app: notification-controller
  ports:
  - name: http
    port: 80
    targetPort: http-webhook
    protocol: TCP
- namespace: gitea
  name: gitea
  type: ClusterIP
  selector:
    app: gitea
  ports:
  - name: http
    port: 3000
    targetPort: 3000
    protocol: TCP
- namespace: gitea
  name: gitea-ssh
  type: LoadBalancer
  selector:
    app: gitea
  ports:
  - name: ssh
    port: 2242
    targetPort: 2242
    protocol: TCP
- namespace: health
  name: wger
  type: ClusterIP
  selector:
    app: wger
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: jellyfin
  name: jellyfin
  type: ClusterIP
  selector:
    app: jellyfin
  ports:
  - name: http
    port: 80
    targetPort: 8096
    protocol: TCP
- namespace: jellyfin
  name: pegasus
  type: ClusterIP
  selector:
    app: pegasus
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: jenkins
  name: jenkins
  type: ClusterIP
  selector:
    app: jenkins
  ports:
  - name: http
    port: 8080
    targetPort: 8080
    protocol: TCP
  - name: agent-listener
    port: 50000
    targetPort: 50000
    protocol: TCP
- namespace: logging
  name: oauth2-proxy-logs
  type: ClusterIP
  selector:
    app: oauth2-proxy-logs
  ports:
  - name: http
    port: 80
    targetPort: 4180
    protocol: TCP
- namespace: longhorn-system
  name: oauth2-proxy-longhorn
  type: ClusterIP
  selector:
    app: oauth2-proxy-longhorn
  ports:
  - name: http
    port: 80
    targetPort: 4180
    protocol: TCP
- namespace: mailu-mailserver
  name: mailu-front-lb
  type: LoadBalancer
  selector:
    app.kubernetes.io/component: front
    app.kubernetes.io/instance: mailu
    app.kubernetes.io/name: mailu
  ports:
  - name: smtp
    port: 25
    targetPort: 25
    protocol: TCP
  - name: smtps
    port: 465
    targetPort: 465
    protocol: TCP
  - name: submission
    port: 587
    targetPort: 587
    protocol: TCP
  - name: imaps
    port: 993
    targetPort: 993
    protocol: TCP
  - name: pop3s
    port: 995
    targetPort: 995
    protocol: TCP
  - name: sieve
    port: 4190
    targetPort: 4190
    protocol: TCP
- namespace: maintenance
  name: ariadne
  type: ClusterIP
  selector:
    app: ariadne
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: monitoring
  name: dcgm-exporter
  type: ClusterIP
  selector:
    app: dcgm-exporter
  ports:
  - name: metrics
    port: 9400
    targetPort: metrics
    protocol: TCP
- namespace: monitoring
  name: jetson-tegrastats-exporter
  type: ClusterIP
  selector:
    app: jetson-tegrastats-exporter
  ports:
  - name: metrics
    port: 9100
    targetPort: metrics
    protocol: TCP
- namespace: monitoring
  name: postmark-exporter
  type: ClusterIP
  selector:
    app: postmark-exporter
  ports:
  - name: http
    port: 8000
    targetPort: http
    protocol: TCP
- namespace: nextcloud
  name: collabora
  type: ClusterIP
  selector:
    app: collabora
  ports:
  - name: http
    port: 9980
    targetPort: http
    protocol: TCP
- namespace: nextcloud
  name: nextcloud
  type: ClusterIP
  selector:
    app: nextcloud
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: outline
  name: outline
  type: ClusterIP
  selector:
    app: outline
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: outline
  name: outline-redis
  type: ClusterIP
  selector:
    app: outline-redis
  ports:
  - name: redis
    port: 6379
    targetPort: redis
    protocol: TCP
- namespace: planka
  name: planka
  type: ClusterIP
  selector:
    app: planka
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: postgres
  name: postgres-service
  type: ClusterIP
  selector:
    app: postgres
  ports:
  - name: postgres
    port: 5432
    targetPort: 5432
    protocol: TCP
  - name: metrics
    port: 9187
    targetPort: 9187
    protocol: TCP
- namespace: sso
  name: keycloak
  type: ClusterIP
  selector:
    app: keycloak
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
- namespace: sso
  name: oauth2-proxy
  type: ClusterIP
  selector:
    app: oauth2-proxy
  ports:
  - name: http
    port: 80
    targetPort: 4180
    protocol: TCP
- namespace: sso
  name: openldap
  type: ClusterIP
  selector:
    app: openldap
  ports:
  - name: ldap
    port: 389
    targetPort: ldap
    protocol: TCP
  - name: ldaps
    port: 636
    targetPort: ldaps
    protocol: TCP
- namespace: sui-metrics
  name: sui-metrics
  type: ClusterIP
  selector:
    app: sui-metrics
  ports:
  - name: http
    port: 8429
    targetPort: 8429
    protocol: TCP
- namespace: traefik
  name: traefik
  type: LoadBalancer
  selector:
    app: traefik
  ports:
  - name: web
    port: 80
    targetPort: web
    protocol: TCP
  - name: websecure
    port: 443
    targetPort: websecure
    protocol: TCP
- namespace: traefik
  name: traefik-metrics
  type: ClusterIP
  selector:
    app: traefik
  ports:
  - name: metrics
    port: 9100
    targetPort: metrics
    protocol: TCP
- namespace: vault
  name: vault
  type: ClusterIP
  selector:
    app: vault
  ports:
  - name: api
    port: 8200
    targetPort: 8200
    protocol: TCP
  - name: cluster
    port: 8201
    targetPort: 8201
    protocol: TCP
- namespace: vault
  name: vault-internal
  type: ClusterIP
  selector:
    app: vault
  ports:
  - name: api
    port: 8200
    targetPort: 8200
    protocol: TCP
  - name: cluster
    port: 8201
    targetPort: 8201
    protocol: TCP
- namespace: vaultwarden
  name: vaultwarden-service
  type: ClusterIP
  selector:
    app: vaultwarden
  ports:
  - name: http
    port: 80
    targetPort: http
    protocol: TCP
http_endpoints:
- host: auth.bstein.dev
  path: /
  backend:
    namespace: sso
    service: oauth2-proxy
    port: 80
    workloads:
    - kind: Deployment
      name: oauth2-proxy
  via:
    kind: Ingress
    name: oauth2-proxy
    source: oauth2-proxy
- host: bstein.dev
  path: /
  backend:
    namespace: bstein-dev-home
    service: bstein-dev-home-frontend
    port: 80
    workloads:
    - kind: Deployment
      name: bstein-dev-home-frontend
  via:
    kind: Ingress
    name: bstein-dev-home
    source: bstein-dev-home
- host: bstein.dev
  path: /.well-known/matrix/client
  backend:
    namespace: comms
    service: matrix-wellknown
    port: 80
    workloads: &id001
    - kind: Deployment
      name: matrix-wellknown
  via:
    kind: Ingress
    name: matrix-wellknown-bstein-dev
    source: comms
- host: bstein.dev
  path: /.well-known/matrix/server
  backend:
    namespace: comms
    service: matrix-wellknown
    port: 80
    workloads: *id001
  via:
    kind: Ingress
    name: matrix-wellknown-bstein-dev
    source: comms
- host: bstein.dev
  path: /api
  backend:
    namespace: bstein-dev-home
    service: bstein-dev-home-backend
    port: 80
    workloads:
    - kind: Deployment
      name: bstein-dev-home-backend
  via:
    kind: Ingress
    name: bstein-dev-home
    source: bstein-dev-home
- host: budget.bstein.dev
  path: /
  backend:
    namespace: finance
    service: actual-budget
    port: 80
    workloads:
    - kind: Deployment
      name: actual-budget
  via:
    kind: Ingress
    name: actual-budget
    source: finance
- host: call.live.bstein.dev
  path: /
  backend:
    namespace: comms
    service: element-call
    port: 80
    workloads:
    - kind: Deployment
      name: element-call
  via:
    kind: Ingress
    name: element-call
    source: comms
- host: chat.ai.bstein.dev
  path: /
  backend:
    namespace: bstein-dev-home
    service: chat-ai-gateway
    port: 80
    workloads:
    - kind: Deployment
      name: chat-ai-gateway
  via:
    kind: Ingress
    name: bstein-dev-home
    source: bstein-dev-home
- host: ci.bstein.dev
  path: /
  backend:
    namespace: jenkins
    service: jenkins
    port: http
    workloads:
    - kind: Deployment
      name: jenkins
  via:
    kind: Ingress
    name: jenkins
    source: jenkins
- host: cloud.bstein.dev
  path: /
  backend:
    namespace: nextcloud
    service: nextcloud
    port: 80
    workloads:
    - kind: Deployment
      name: nextcloud
  via:
    kind: Ingress
    name: nextcloud
    source: nextcloud
- host: health.bstein.dev
  path: /
  backend:
    namespace: health
    service: wger
    port: 80
    workloads:
    - kind: Deployment
      name: wger
  via:
    kind: Ingress
    name: wger
    source: health
- host: kit.live.bstein.dev
  path: /livekit/jwt
  backend:
    namespace: comms
    service: livekit-token-service
    port: 8080
    workloads:
    - kind: Deployment
      name: livekit-token-service
  via:
    kind: Ingress
    name: livekit-jwt-ingress
    source: comms
- host: kit.live.bstein.dev
  path: /livekit/sfu
  backend:
    namespace: comms
    service: livekit
    port: 7880
    workloads:
    - kind: Deployment
      name: livekit
  via:
    kind: Ingress
    name: livekit-ingress
    source: comms
- host: live.bstein.dev
  path: /.well-known/matrix/client
  backend:
    namespace: comms
    service: matrix-wellknown
    port: 80
    workloads: *id001
  via:
    kind: Ingress
    name: matrix-wellknown
    source: comms
- host: live.bstein.dev
  path: /.well-known/matrix/server
  backend:
    namespace: comms
    service: matrix-wellknown
    port: 80
    workloads: *id001
  via:
    kind: Ingress
    name: matrix-wellknown
    source: comms
- host: live.bstein.dev
  path: /_matrix
  backend:
    namespace: comms
    service: othrys-synapse-matrix-synapse
    port: 8008
    workloads: []
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: live.bstein.dev
  path: /_matrix/client/r0/register
  backend:
    namespace: comms
    service: matrix-guest-register
    port: 8080
    workloads: &id003
    - kind: Deployment
      name: matrix-guest-register
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: live.bstein.dev
  path: /_matrix/client/v3/login
  backend:
    namespace: comms
    service: matrix-authentication-service
    port: 8080
    workloads: &id002
    - kind: Deployment
      name: matrix-authentication-service
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: live.bstein.dev
  path: /_matrix/client/v3/logout
  backend:
    namespace: comms
    service: matrix-authentication-service
    port: 8080
    workloads: *id002
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: live.bstein.dev
  path: /_matrix/client/v3/refresh
  backend:
    namespace: comms
    service: matrix-authentication-service
    port: 8080
    workloads: *id002
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: live.bstein.dev
  path: /_matrix/client/v3/register
  backend:
    namespace: comms
    service: matrix-guest-register
    port: 8080
    workloads: *id003
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: logs.bstein.dev
  path: /
  backend:
    namespace: logging
    service: oauth2-proxy-logs
    port: http
    workloads:
    - kind: Deployment
      name: oauth2-proxy-logs
  via:
    kind: Ingress
    name: logs
    source: logging
- host: longhorn.bstein.dev
  path: /
  backend:
    namespace: longhorn-system
    service: oauth2-proxy-longhorn
    port: 80
    workloads:
    - kind: Deployment
      name: oauth2-proxy-longhorn
  via:
    kind: Ingress
    name: longhorn-ingress
    source: longhorn-ui
- host: mail.bstein.dev
  path: /
  backend:
    namespace: mailu-mailserver
    service: mailu-front
    port: 443
    workloads: []
  via:
    kind: IngressRoute
    name: mailu
    source: mailu
- host: matrix.live.bstein.dev
  path: /
  backend:
    namespace: comms
    service: matrix-authentication-service
    port: 8080
    workloads: *id002
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: matrix.live.bstein.dev
  path: /.well-known/matrix/client
  backend:
    namespace: comms
    service: matrix-wellknown
    port: 80
    workloads: *id001
  via:
    kind: Ingress
    name: matrix-wellknown-matrix-live
    source: comms
- host: matrix.live.bstein.dev
  path: /.well-known/matrix/server
  backend:
    namespace: comms
    service: matrix-wellknown
    port: 80
    workloads: *id001
  via:
    kind: Ingress
    name: matrix-wellknown-matrix-live
    source: comms
- host: matrix.live.bstein.dev
  path: /_matrix
  backend:
    namespace: comms
    service: othrys-synapse-matrix-synapse
    port: 8008
    workloads: []
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: matrix.live.bstein.dev
  path: /_matrix/client/r0/register
  backend:
    namespace: comms
    service: matrix-guest-register
    port: 8080
    workloads: *id003
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: matrix.live.bstein.dev
  path: /_matrix/client/v3/login
  backend:
    namespace: comms
    service: matrix-authentication-service
    port: 8080
    workloads: *id002
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: matrix.live.bstein.dev
  path: /_matrix/client/v3/logout
  backend:
    namespace: comms
    service: matrix-authentication-service
    port: 8080
    workloads: *id002
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: matrix.live.bstein.dev
  path: /_matrix/client/v3/refresh
  backend:
    namespace: comms
    service: matrix-authentication-service
    port: 8080
    workloads: *id002
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: matrix.live.bstein.dev
  path: /_matrix/client/v3/register
  backend:
    namespace: comms
    service: matrix-guest-register
    port: 8080
    workloads: *id003
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: matrix.live.bstein.dev
  path: /_synapse
  backend:
    namespace: comms
    service: othrys-synapse-matrix-synapse
    port: 8008
    workloads: []
  via:
    kind: Ingress
    name: matrix-routing
    source: comms
- host: monero.bstein.dev
  path: /
  backend:
    namespace: crypto
    service: monerod
    port: 18081
    workloads:
    - kind: Deployment
      name: monerod
  via:
    kind: Ingress
    name: monerod
    source: monerod
- host: money.bstein.dev
  path: /
  backend:
    namespace: finance
    service: firefly
    port: 80
    workloads:
    - kind: Deployment
      name: firefly
  via:
    kind: Ingress
    name: firefly
    source: finance
- host: notes.bstein.dev
  path: /
  backend:
    namespace: outline
    service: outline
    port: 80
    workloads:
    - kind: Deployment
      name: outline
  via:
    kind: Ingress
    name: outline
    source: outline
- host: office.bstein.dev
  path: /
  backend:
    namespace: nextcloud
    service: collabora
    port: 9980
    workloads:
    - kind: Deployment
      name: collabora
  via:
    kind: Ingress
    name: collabora
    source: nextcloud
- host: pegasus.bstein.dev
  path: /
  backend:
    namespace: jellyfin
    service: pegasus
    port: 80
    workloads:
    - kind: Deployment
      name: pegasus
  via:
    kind: Ingress
    name: pegasus
    source: pegasus
- host: scm.bstein.dev
  path: /
  backend:
    namespace: gitea
    service: gitea
    port: 3000
    workloads:
    - kind: Deployment
      name: gitea
  via:
    kind: Ingress
    name: gitea-ingress
    source: gitea
- host: secret.bstein.dev
  path: /
  backend:
    namespace: vault
    service: vault
    port: 8200
    workloads:
    - kind: StatefulSet
      name: vault
  via:
    kind: Ingress
    name: vault
    source: vault
- host: sso.bstein.dev
  path: /
  backend:
    namespace: sso
    service: keycloak
    port: 80
    workloads:
    - kind: Deployment
      name: keycloak
  via:
    kind: Ingress
    name: keycloak
    source: keycloak
- host: stream.bstein.dev
  path: /
  backend:
    namespace: jellyfin
    service: jellyfin
    port: 80
    workloads:
    - kind: Deployment
      name: jellyfin
  via:
    kind: Ingress
    name: jellyfin
    source: jellyfin
- host: tasks.bstein.dev
  path: /
  backend:
    namespace: planka
    service: planka
    port: 80
    workloads:
    - kind: Deployment
      name: planka
  via:
    kind: Ingress
    name: planka
    source: planka
- host: vault.bstein.dev
  path: /
  backend:
    namespace: vaultwarden
    service: vaultwarden-service
    port: 80
    workloads:
    - kind: Deployment
      name: vaultwarden
  via:
    kind: Ingress
    name: vaultwarden-ingress
    source: vaultwarden
helmrelease_host_hints:
  comms:comms/othrys-element:
  - call.live.bstein.dev
  - live.bstein.dev
  - matrix.live.bstein.dev
  comms:comms/othrys-synapse:
  - kit.live.bstein.dev
  - live.bstein.dev
  - matrix.live.bstein.dev
  - turn.live.bstein.dev
  gitops-ui:flux-system/weave-gitops:
  - cd.bstein.dev
  harbor:harbor/harbor:
  - registry.bstein.dev
  logging:logging/data-prepper:
  - registry.bstein.dev
  longhorn:longhorn-system/longhorn:
  - registry.bstein.dev
  mailu:mailu-mailserver/mailu:
  - bstein.dev
  - mail.bstein.dev
  monitoring:monitoring/alertmanager:
  - alerts.bstein.dev
  monitoring:monitoring/grafana:
  - bstein.dev
  - mail.bstein.dev
  - metrics.bstein.dev
  - sso.bstein.dev
  monitoring:monitoring/kube-state-metrics:
  - atlas.bstein.dev