gitops: plane - project management

gitops/home-kubernetes/plane/helmrelease.yaml

@@ -0,0 +1,135 @@
+# helmrelease.yaml
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: plane
+  namespace: plane
+spec:
+  interval: 30m
+  chart:
+    spec:
+      chart: plane-ce
+      version: "1.16.0"  # pin version, avoid 'stable'
+      sourceRef:
+        kind: HelmRepository
+        name: plane
+        namespace: flux-system
+      interval: 12h
+  timeout: 10m
+  install:
+    createNamespace: true
+    remediation:
+      retries: 3
+  upgrade:
+    remediation:
+      retries: 3
+  values:
+    planeVersion: "v1.16.0"
+
+    ingress:
+      enabled: true
+      appHost: "plane.lab.home.hrajfrisbee.cz"
+      minioHost: "plane-minio.lab.home.hrajfrisbee.cz"
+      rabbitmqHost: "plane-mq.lab.home.hrajfrisbee.cz"  # optional
+      ingressClass: nginx
+      ingress_annotations:
+        cert-manager.io/cluster-issuer: letsencrypt-production
+      #   nginx.ingress.kubernetes.io/proxy-body-size: "10m"
+
+    # PostgreSQL - local stateful or external
+    postgres:
+      local_setup: true
+      storageClass: freenas-iscsi
+      volumeSize: 10Gi
+      # assign_cluster_ip: false
+      # nodeSelector: {}
+      # tolerations: []
+      # affinity: {}
+
+    # Redis/Valkey
+    redis:
+      local_setup: true
+      storageClass: freenas-iscsi
+      volumeSize: 2Gi
+
+    # RabbitMQ
+    rabbitmq:
+      local_setup: true
+      storageClass: freenas-iscsi
+      volumeSize: 1Gi
+
+    # MinIO (S3-compatible storage)
+    minio:
+      local_setup: true
+      storageClass: freenas-iscsi
+      volumeSize: 10Gi
+
+    env:
+      # Database credentials (change these!)
+      pgdb_username: plane
+      pgdb_password: plane-not-so-secret # TODO: do this properly
+      pgdb_name: plane
+
+      # Application secret (MUST change - used for encryption)
+      secret_key: 6u8w9T8P9zolcTMTC1DnErasyHnE6QGyB77tCPPFC/mnbPykb6DfiMW6id3Qy+Ly
+
+      # Storage
+      docstore_bucket: uploads
+      doc_upload_size_limit: 5242880
+
+      # Optional: External services (when local_setup: false)
+      # pgdb_remote_url: "postgresql://user:pass@host:5432/plane"
+      # remote_redis_url: "redis://host:6379/"
+      # aws_access_key: ""
+      # aws_secret_access_key: ""
+      # aws_region: ""
+      # aws_s3_endpoint_url: ""
+
+    # Workload resources (adjust based on cluster capacity)
+    web:
+      replicas: 2
+      memoryLimit: 1000Mi
+      cpuLimit: 500m
+      memoryRequest: 128Mi
+      cpuRequest: 100m
+
+    api:
+      replicas: 2
+      memoryLimit: 1000Mi
+      cpuLimit: 500m
+      memoryRequest: 128Mi
+      cpuRequest: 100m
+
+    worker:
+      replicas: 1
+      memoryLimit: 1000Mi
+      cpuLimit: 500m
+
+    beatworker:
+      replicas: 1
+      memoryLimit: 500Mi
+      cpuLimit: 250m
+
+    space:
+      replicas: 1
+      memoryLimit: 500Mi
+      cpuLimit: 250m
+
+    admin:
+      replicas: 1
+      memoryLimit: 500Mi
+      cpuLimit: 250m
+
+    live:
+      replicas: 1
+      memoryLimit: 500Mi
+      cpuLimit: 250m
+
+    # TLS (requires cert-manager)
+    ssl:
+      createIssuer: false
+      generateCerts: true
+      issuer: letsencrypt-prod
+      # email: admin@example.com
+      # server: https://acme-v02.api.letsencrypt.org/directory
+      # tls_secret_name: plane-tls  # if using existing cert

gitops/home-kubernetes/plane/helmrepository.yaml

@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+  name: plane
+  namespace: flux-system
+spec:
+  interval: 1h
+  url: https://helm.plane.so/

gitops/home-kubernetes/plane/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: plane