diff --git a/apps/base/miniflux/database.yaml b/apps/base/miniflux/database.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..8332e1936f5a8820d66038885dcf8ca2fa953a72
--- /dev/null
+++ b/apps/base/miniflux/database.yaml
@@ -0,0 +1,38 @@
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+ name: miniflux-postgres
+spec:
+ teamId: "miniflux"
+ volume:
+ size: 1Gi
+ numberOfInstances: 1
+ users:
+ miniflux:
+ - superuser
+ - createdb
+ databases:
+ miniflux: miniflux
+ postgresql:
+ version: "15"
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-from-miniflux-to-database
+spec:
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - podSelector:
+ matchLabels: {}
+ ports:
+ - port: 5432
+ protocol: TCP
+ podSelector:
+ matchExpressions:
+ - key: application
+ operator: In
+ values:
+ - spilo
\ No newline at end of file
diff --git a/apps/base/miniflux/deployment.yaml b/apps/base/miniflux/deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7a33d9ea2c7da839f6f51dc648da7212495fd9ab
--- /dev/null
+++ b/apps/base/miniflux/deployment.yaml
@@ -0,0 +1,87 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: miniflux
+spec:
+ replicas: 1
+ selector:
+ matchLabels: {}
+ strategy:
+ type: RollingUpdate
+ template:
+ spec:
+ serviceAccountName: miniflux
+ containers:
+ - image: ghcr.io/miniflux/miniflux:2.0.51-distroless
+ name: miniflux
+ env:
+ - name: RUN_MIGRATIONS
+ value: "1"
+ - name: PGHOST
+ value: miniflux-postgres.miniflux.svc.cluster.local
+ - name: PGUSER
+ valueFrom:
+ secretKeyRef:
+ name: miniflux.miniflux-postgres.credentials.postgresql.acid.zalan.do
+ key: username
+ - name: PGPASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: miniflux.miniflux-postgres.credentials.postgresql.acid.zalan.do
+ key: password
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ cpu: "1"
+ memory: "512Mi"
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ readinessProbe:
+ exec:
+ command:
+ - /usr/bin/miniflux
+ - -healthcheck
+ - auto
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ topologySpreadConstraints:
+ - maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels: {}
+ matchLabelKeys:
+ - pod-template-hash
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: miniflux
+spec:
+ type: ClusterIP
+ selector: {}
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: http
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: miniflux
+spec:
+ maxUnavilable: 1
+ selector:
+ matchLabels: {}
diff --git a/apps/base/miniflux/kustomization.yaml b/apps/base/miniflux/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e5d2a426481aeb4b5f1b965d8e1bb3e5f8286f49
--- /dev/null
+++ b/apps/base/miniflux/kustomization.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: miniflux
+resources:
+ - namespace.yaml
+ - deployment.yaml
+ - database.yaml
+ - serviceaccount.yaml
+ - ../../../shared/networkpolicies/allow-from-ingress.yaml
+ - ../../../shared/networkpolicies/allow-from-database.yaml
+
+commonLabels:
+ app.kubernetes.io/name: miniflux
+
+components:
+ - ../../../shared/components/namespace-restricted
\ No newline at end of file
diff --git a/apps/base/miniflux/namespace.yaml b/apps/base/miniflux/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b960a5b793ad4139648c9208abfee06b61c605df
--- /dev/null
+++ b/apps/base/miniflux/namespace.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: blog
+ labels: {}
\ No newline at end of file
diff --git a/apps/base/miniflux/serviceaccount.yaml b/apps/base/miniflux/serviceaccount.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..207b7fa856e09677ad8913f81dc5b1242006b094
--- /dev/null
+++ b/apps/base/miniflux/serviceaccount.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: miniflux
+automountServiceAccountToken: false
\ No newline at end of file
diff --git a/apps/k8s01/miniflux/certificate.yaml b/apps/k8s01/miniflux/certificate.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..4ed817f96cf4968ee80742f47c13bba68ea41795
--- /dev/null
+++ b/apps/k8s01/miniflux/certificate.yaml
@@ -0,0 +1,63 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ name: miniflux-tls
+spec:
+ dnsNames:
+ - ENC[AES256_GCM,data:PIVJFIhlhbrRoMKUX5ULQ35t/9rBDXyRFpZgrupC,iv:q66nNgQjcSDJVBKxiN7wzgLedYQvX5YuGnxpKJTiwys=,tag:/8Ktw4JoC8LM19+/rZY3IA==,type:str]
+ issuerRef:
+ name: letsencrypt
+ kind: ClusterIssuer
+ secretName: ingress-miniflux-tls
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2024-02-04T23:11:32Z"
+ mac: ENC[AES256_GCM,data:RQAUP+NLw6sLde1wPJ9hln4D7SKppW2lG4AmDVVgPWM0KJfA1jkpz1dvEVbEf3jq3sx/1ro114RxkZoS5G/UAzA+AnS4Oza4YOvcWY7xTOj6StuqPx+yw3C8DIq5r3KRl/vWN56QXCdl+KISR0y3bxTt7Y3EtFd/PrOSb/MpSNM=,iv:TEsUmHmJpdYgsS6XXS9SNEvTcnxSLaebmbhs30Jc8qQ=,tag:H2oWsqN+G5SIvVe2m83CAw==,type:str]
+ pgp:
+ - created_at: "2022-01-21T18:13:48Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcAQ/+IG1TAuVEGzcWHg38roMiVRzgWKGSFwKWomqbuHrI5chZ
+ yWb9+L1THbckzT/azkmT+0I7KLuy7leN0MgENBMJ1UrHzLw5Sc267soVNft0ssvx
+ tEGIApqGgnVVoxALe0muynNBg3hJ94RzmgjgfWyQLdYxyq2WKusafGMeZVEDW4GV
+ R02O6MHYyect0i0F2RZRY03nILbiriZTIImVMdP3AcVu92fbTJk6/DKz0STWsVWK
+ 8PmSy2C/dtZQXt9+F/xDXRwUmjE0WlUsdcraDMGX6CUYQenXzarOGEx8fWuFfVJk
+ WdUUB5WE7YjoXEoCN1/bLMsGzWTCOrHVUXufeowaKeiwX/mr9vsf1gbfsiaTfxcq
+ BcCT7KxAFomHA6rdeAd+Lcseg+cbGxKZNiG5yjdJEsOvqa+eXQ0RF1Nziq0DapBn
+ rAnh3QYRWuE8lB9WsKb+gI+J0eLtAJd6cqQcORfhpSG1e6vQHLbGrkv/RYJ+lX/6
+ rTkpNE9sinLHz+X3rPAGY362/wexeZszRbtEcWJVGNpATEQNViQfpZoUgESxZ0Ax
+ TgDMfHztbvqkenwLefN7GEsRAiKXkIo5zzZ3tBMltJEFYwKJ7I+8RoTzZfDQmu8N
+ Keo58QQZ/ZgyKeWqeCyvAf8Fm7yeZxCD2Io9ZGYmtSLc+p7hvxt1gPPqZTSd6tfS
+ UQFKjoz1drNOuk1gWBK6MFYwLvLpwzWTQg1Z3e46CSkP8eRYvuFqMRzrksi5TecA
+ n3ZABsoIRIYz4fUMn/VFK6hlQ0jgRzhO/Fpf9qiWpJDPsg==
+ =/Bxq
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-01-21T18:13:48Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPAQ/6AzWmuFdkDO05b5jctWs4uajFEtSTKABuLLAl4PCOtbHK
+ KzTcqKv5OAuge3Zrx7EtN9Ls5Y2AYH3szFuhPYdqCNEGFl5IFYLehfRjDm/2VnL7
+ 7pEMEApOCcc5UHeiXnTG235DIWIJPGQ5i3gpuQ8uaYtxlBiYlF7TGgAezIWaD2/F
+ inVH+B+mJDI2zP2E5JR5lBV8QfzoMYMFII6ZKKCTlombKJCF7kUcXcApU+rCcwKQ
+ AETde0FitrHxr+BwGfaDfKMnVXkzAf1VLsfuj7ChoZ1E08uB4tVLTgaC4xmMKEM7
+ JZbfO/wQ7lAGi+vGoJXR+HgqSxgM3e0rQHj/O4VV7aDUw9TTN/7FAeR5App4AGJl
+ JfxnKzB3j9O4H/kwaaw1QboQbFvr/dGy1T5TmQ/CmTfATpJuDI4pGQS8U4j9Fx2P
+ cSkAjGU4roQLCPlW7kyg8Kr1Im8hG8/9Bfw8UGW8Gq9koflZgSHEj+4GSyTgAEE1
+ dEpYyACc43XeOt8MoAWBTWP67LaRMxi6EPBGgMl3Z+DE+syEeJcW2kpX1MxFihSL
+ vEh1XL5JHs9oxU98WnW+DWJ1t1UxBd8q74SoqTL2al3q2JtiIcv6yxrI2cXnjzFj
+ e0TMJ8KWBEq3dZ0pISzn6PVUpTsjsu5oM7UYCxv6h63FvkUkgk/+UfsFMZM7BhPU
+ ZgEJAhC7qcJaCRfODlYxG1mHlYgQrBOuoQly8KWztvCVfGObRrr5hKzKfucRNSw7
+ Bqped4pJrsSn6rIOShAIIxIyP1cT0Fs+Y01NZxwU+1t/jzC16sVMeVfeJCT5ASjp
+ J22N7mBf9g==
+ =Kklm
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL)$
+ version: 3.7.3
diff --git a/apps/k8s01/miniflux/database-patch.yaml b/apps/k8s01/miniflux/database-patch.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..32d8e7cdfd6f11d43be02519c2a8e1f64773373b
--- /dev/null
+++ b/apps/k8s01/miniflux/database-patch.yaml
@@ -0,0 +1,6 @@
+apiVersion: "acid.zalan.do/v1"
+kind: postgresql
+metadata:
+ name: miniflux-postgres
+spec:
+ numberOfInstances: 2
diff --git a/apps/k8s01/miniflux/deployment-patch.yaml b/apps/k8s01/miniflux/deployment-patch.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..a5347d0fac93884054e8888b6d82caf5ab952282
--- /dev/null
+++ b/apps/k8s01/miniflux/deployment-patch.yaml
@@ -0,0 +1,28 @@
+- op: add
+ path: /spec/template/spec/containers/0/envFrom
+ value: []
+- op: add
+ path: /spec/template/spec/containers/0/envFrom/-
+ value:
+ secretRef:
+ name: miniflux-config
+- op: add
+ path: /spec/template/spec/containers/0/volumeMounts
+ value: []
+- op: add
+ path: /spec/template/spec/containers/0/volumeMounts/-
+ value:
+ name: oauth2-config
+ mountPath: /run/miniflux/secrets/
+ readOnly: true
+- op: add
+ path: /spec/template/spec/volumes
+ value: []
+- op: add
+ path: /spec/template/spec/volumes/-
+ value:
+ name: oauth2-config
+ secret:
+ secretName: miniflux-oauth2
+ optional: false
+
\ No newline at end of file
diff --git a/apps/k8s01/miniflux/ingress.yaml b/apps/k8s01/miniflux/ingress.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..05dc3f98255fde8c18127af78d8351653413e434
--- /dev/null
+++ b/apps/k8s01/miniflux/ingress.yaml
@@ -0,0 +1,76 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: miniflux
+ annotations:
+ forecastle.stakater.com/expose: "true"
+ forecastle.stakater.com/appName: Miniflux
+ forecastle.stakater.com/group: Apps
+spec:
+ rules:
+ - host: ENC[AES256_GCM,data:dSEXU4xHC8hepujV1ZzaP2nONnbGVYuHLs39mjgC,iv:inr61pJ3wd5LWpqQiJZ2aucyaVpYoFtNQaHjklzQn/k=,tag:K0OOqNOdFnIn4oaLPPsGxQ==,type:str]
+ http:
+ paths:
+ - backend:
+ service:
+ name: miniflux
+ port:
+ name: http
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - ENC[AES256_GCM,data:KhVWWd2D1piobvN8W54JmO1o+E/q6sXtmt2JP2fn,iv:5A75dpy/OzB95BVfxvyDxtAJmbQzc1gwD1FhRU2cSPU=,tag:13fUVv3iJ+QEp2IAmDqu+g==,type:str]
+ secretName: ingress-miniflux-tls
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2024-02-04T23:11:39Z"
+ mac: ENC[AES256_GCM,data:L+f+R5suXNf2VaTEz+NhLAqAHnGYv1OZ+4Sevb+xH9XCI0bZo9XedsrRnO17hyBjydJJ/NWbnhoir3lKoPgdb8VlH5IAgdtUx58GPCsedN6fS7rzZ+S+pXYKI2hbUhqTCzr4F9b81oNnvStYE7tIyC8fFXQZgJuzDDzmE9k2WgA=,iv:NK8kHdRpWbCFHbriAFYpT63mi5cvNf0Yi0JD2+gdp0w=,tag:PrECmSv3a2Tc8myD1AJwDw==,type:str]
+ pgp:
+ - created_at: "2022-11-21T23:23:18Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAAsBmSVlkEOFbQFLJ1AgsE9kAbwc3M0JDE1xQ/1hv6Gbpx
+ vtdSxwGnP5gIJ92peux+lQwR6COdpxOXFPJInh3g8nlKC1Rai6otIrXPuV/wc81/
+ CShqXUeOKuWjmS5k/O9saJjaCEghJ+WNjnkcOkxhuZoIZk7e3FgHwMfnQsoGA5Cu
+ Ry5PDXRPE92Zz0eA3sh0ycdOiMaTbGomJ7cUf0GflsqOpDh7iSPqcrmN5QPxNTDh
+ ZoO1I0IS8akUQGxK7hS887TJKaAtXWAQNugBPFZhfCGl6q//dq1ZVMfH3Npzv+Jw
+ nIDviLEex+TOQjBORFWMb8DGubP+dr+WOCtuPlKsYKg2zi6hYXM21LWl/7uHj+Mk
+ AWlDkSgjMF2Vk3VhGny9thycwOYN506lQONPu9iQLBcVZHK6l01eiyfh7rDM8agt
+ xB3YPWqPACISgj9gnJFCnly8eJaYdejgIUBuwFSesIt3O1xM4k1ghZkNBVLZdlrj
+ ejOOheAOcEGgS7moPX2rJZ6jZqn+7x7GnAtPj6VQX1U+6MJxMYmF8Ej0aTsFafn1
+ 7kPpheEauIBv8RuFV7sBYvUonoxeWNEeD3h4fRQSAwq5O2aYlso/VrA9lmecroi0
+ 0IuCbjL9ZklZYchSUAh/1mGloh79iGJcCYgDBPel/lZjrCJNMiSGcX2iCctJBQLS
+ UQHlmtT6NAy5/3eDia7LGIbmplivGVuvAIjUC20QcWDoGw02WsGvdlNdv12JHQY5
+ PhGmgS565cInYmhr7Nbv4i+p/vON2kWA5liU7LZ5a8nUuA==
+ =gn0m
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-11-21T23:23:18Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPAQ//ZCm4SMaNG0O5p99rsyHMyny6u4wfKiNL7USGKXn3cX5i
+ U9ZGxc31sZB45TasFjFQQ/e9hdVtrIRdrIKrNKEdPfRdw5zdjm5/Uwje49RAizsY
+ CyG9u6y+p/QVLHq2Wjd90VylFruqPA4MdhYB9fafH1PWaQe9L5k9877GPKbIsVWT
+ aAD3IrW98d8NCm0z8C8JdMTYHjbZnpejFLqJtpj8ff/E42G9Q9qJexP3jLE3KnKO
+ VJOOoYjDHpeWxG3x9kBvEvMrAAsKuGagAxrrgrzROVFw72AP17MLcrVToCzKy8Y4
+ LSV5aqSR5o5wA5AAwJa8gjhi43KNtPZX+3KExX+fyIJPVpgF3UaAGcrC5h3bIUjL
+ yE5tbn3CXkwQm0HtfB5pI4PEUC36zqrqoTpZ8SLbA+xZK6FtmeBLH1DQtB1iJBeC
+ vsQECQfQ9ZbnPq++eoAHZkVsiDrDkmpHxeS66owdKuLTvZPxx8jPGqAVtQmFTEJn
+ Uh3dFVmvzGJYPfqH6sOwxZhOeX1ESaKjY2+e+wW9q2kvMSOwvzWvOOqiP+90fWr3
+ xlgkXx2FTuMIAxTdUUE3dnRc9ViqTUCd/MZkZACNYKSfs7fZzULOwW8vQAXEQqq0
+ ZmmVUV1cJt6EXX+qhB4JkDftI8FqYfGE1NwEDlXdlZznV8pg1FHAPoHD8pAG11vU
+ aAEJAhCRjh6jPG2xGIxp9DG3hw0Z5QRaHmL9vecYIPHaRpf434MlW78/dP2z3yQ3
+ RuXZrfGr3KBhhAPLFMo6iCfYyrJ3xeto0vlHsRzyZJ0ldniKvuXGUQCqu+AFwI1H
+ 0/W950Z/5NVd
+ =8WwG
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|.*(H|h)osts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey|externalName)$
+ version: 3.7.3
diff --git a/apps/k8s01/miniflux/kustomization.yaml b/apps/k8s01/miniflux/kustomization.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..06795ab036882e9fd8dd3b90385ab7b55a5713bf
--- /dev/null
+++ b/apps/k8s01/miniflux/kustomization.yaml
@@ -0,0 +1,21 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: miniflux
+resources:
+ - ../../base/miniflux
+ - certificate.yaml
+ - slo.yaml
+ - ingress.yaml
+ - ../../../shared/resourcequotas/default.yaml
+patches:
+- path: database-patch.yaml
+- path: deployment-patch.yaml
+ target:
+ group: apps
+ version: v1
+ kind: Deployment
+ name: miniflux
+
+commonLabels:
+ app.kubernetes.io/name: miniflux
+ app.kubernetes.io/instance: miniflux
\ No newline at end of file
diff --git a/apps/k8s01/miniflux/secret.yaml b/apps/k8s01/miniflux/secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f2eb2ddf05beaa8ded738d2d23b078721c3a0343
--- /dev/null
+++ b/apps/k8s01/miniflux/secret.yaml
@@ -0,0 +1,123 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: miniflux-config
+type: Opaque
+stringData:
+ OAUTH2_OIDC_DISCOVERY_ENDPOINT: ENC[AES256_GCM,data:LPdHWyF8gKzn+vP3Eyv4xSbcdUfGGOSoP/4wV0wWNm9AGKH9Uku0u4hOFr6bFcU0vcPm63ufcP0=,iv:/aixCgGYiXwMZlQ45FeGu1cYT7blUNkEJt4M631SInE=,tag:FzkE1xKsd8+PCz5I4wGG9g==,type:str]
+ OAUTH2_REDIRECT_URL: ENC[AES256_GCM,data:P2CRt6tUafc1OA3C5vQuWhc17JIAeY8XSVCjkn0uiWXd2AZTNo9C5Iaqq7MLZQr6jwnbrVfV9orrU1E=,iv:KG9X/JToBgs2A3r6cgJgIt036oH+9d1Qh+9VVLXq7cA=,tag:IjkV8fT4sxYEsuqRUATGyw==,type:str]
+ OAUTH2_CLIENT_SECRET_FILE: ENC[AES256_GCM,data:Ga3GMNN6j1eK6NZqcM7l7NMl+g8KR/p2U64EQwpdKMjLz54=,iv:pTqNOUxms7cuipd6CM4pq9zl3azVywi8wNt32dc35q0=,tag:fV7zXi9GGcAUOU91yXNbLg==,type:str]
+ OAUTH2_CLIENT_ID_FILE: ENC[AES256_GCM,data:JOQRsoODMtm6dg1f9yYQg1OnFOAt2951raCWsaNsDg==,iv:If+1mPzQ5lJ2yBxIAhLd+q+fvr5tiFErSoJw7I1oibE=,tag:JTvtX7VHtMUR6yeD1IzIqw==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2024-02-04T23:40:55Z"
+ mac: ENC[AES256_GCM,data:GTIJ4Ttl9KM+1m/8Mr3wQb9UzTY0vZzRyCxpqRiu0nUoRUpLh1PlRgqnjGfGWnTwbnV2iCk5RypLRrbpRipWUI/eMfTdelhVw2FwutTVwwAL+12o/rHQ4HCNztpTu6NML7vn4PZ0Sa3gOfbVTdRn2eaZecPhHJjtVUea2q0edq0=,iv:pvLpJxgaPuVtuseWA7jzTuVveGJhNHZ6Doc5EXMM9Eo=,tag:YwkvT5Wbq+zJGLNhrck+Hg==,type:str]
+ pgp:
+ - created_at: "2022-03-22T22:26:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAApcdDAfEgx93xGtkm4f7xTuRhvUyl8lw85rIHbWcAveYU
+ ayU88OLaoQyeZDZkOXbtxMHpry8GbId6vPAJ7KflT2eMP0A4uQGSSCQO6+5QcaYg
+ sbO/zT4vdprN7icLbvmmoK2Dh+hOo5Z7/7YGmdJfaaATzT2BGL/cVS1bonI83vXR
+ lzlW/DglIe7oNEKGVT5vWR5uGvq/dJwSRe/34eutEnJuV30imxHOcpxy3uXJFFXJ
+ 3eKTk8dNLz3UE3IeUjbFdPFZYU+grOAOOCZRK0IOYFn+SF7E3dewgiwEdaXzz3gK
+ /6aEMEmf5vyVqn9jOaqZhKRqE7tW5HnhwIIlxcMPhkLVZvYf4F2EDA5f12C2hdp0
+ s7fFhU7v5GgFaHMJuaWVPxDnWTrNIst9bgeJv/N4RVfrLifrZJcqa9lE8ou0iCr5
+ dLi9d6UjsgWAREIViz+Uz7dJQ9QeJ6PGYgg/xgf0ihJFG7sx+TBG58DKb3G3tyUV
+ 8hfK8Ou9m+zYnd13mJ2mV3rY0rmXusT+NcqTG2G4bBG5NimGpJS3rO7tAjjp/8sN
+ hMM46ay0vVTUXx1FwmjUFDG1e4sc7fKxTaCBizMjeUfZpAOiy/10YQmrFHBsftpo
+ K5j0nFMoG9NeO+2ffEmLhRtxvMe3WpINk7du3F624rYIGCB0aNUP69FCeJKuUQHS
+ 5gH5AwnxOAtQakDksfLxJhUG1NlaS0iAFkZkTTibvOJwsY9L/scDDQlseb5zBKaZ
+ sOPwmn6hL4KavxF9BPG33ILkZKbkcvlaTlAMMY3iBs+MZeIB4+i/AA==
+ =SQqg
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-03-22T22:26:35Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPAQ//fGGoDT5KfsG/o6r5xhDHSc0IFH6zT2TFIB6TuA5SwHfV
+ 8t3IeKD0bE//4f8AxGAVocw+AetolwrQL/Tl+n0UV9P44Jeh5VlCAGltHcowR53o
+ zdjS3+i9K3OOvQFhF+aYrPcnc+aTn9KbptHCam0w+Lr2UkYSAPAZHsBcoMp24mHX
+ 6A+5kP1kaRzFzEn4TCNeTt13W1AsJIoSagkBWfYRBkRPk1OzGOuYqX6yeqj7a0kM
+ 8uiloTQgWOiBSOyRtxUJi87CTrMXyb0F2E9HMyhgRnzF0YX0ZU0UVG8MNdRL8eFD
+ WYY68OK7DQw3zlJubscYQ2jltxKcq5g9qUCw/sXaNurtohIx9UeaHtfp036EMb22
+ 5StgGEnBirUzfSrQGT3kuj20lcMtQAr/d1UsmQNjB36eOZSrx0m80pO8JVYL62/O
+ HLYnAHU52aAPtE7brNEVg4yRLCbWyVY3Z3H9OaTVXwNIMFoMEgkHHnNlsb+1ZnhV
+ cStKMO3H6W8eXQi3VGIVNhuC1ltsxHQL1I22Kr41JEnuaB9Jy5bsEbrO4XGyDdte
+ hMI8Gx+0KZAMlKuZKLS6sMa4oVnQTy8w20PtVrrS0zDrQRPpxBrOgzjrNeMj9FpS
+ q/efiCAOBc8eVd8N/7j66UItwrysfmIfsHWfoPotS7F6WmUHeAyoWjfcvTZyd4bU
+ ZgEJAhAtdCnHNvUSl5O9XZuSu51pRwj+O72kZXRSJWv7GTT9dsRfuM5Dy9A/tuVI
+ BuZraI4JyAWb2KbkM6onp3Rh9IcLuzqEYm/ETktxTtO1HlcVPJ2NMcFgTCzaIGX9
+ +rtkG7tPbA==
+ =tvBa
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$
+ version: 3.7.3
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: miniflux-oauth2
+type: Opaque
+stringData:
+ client_id: ENC[AES256_GCM,data:UG7l/yGuJIM=,iv:B5nfhOTZ92t5gtm6qgpMBtHvZOiwUhg7ROtktTyocRs=,tag:JsVELl1JYkkTB2Y50RV8Dg==,type:str]
+ client_secret: ENC[AES256_GCM,data:XZAUm0l6p2FjkeW6la6tDcRKmKA8a3cYykm1gv5F58A=,iv:c7At/DkAV71ed7x/LCS2NI6tnX1/E1gy5MuQSjwHBmE=,tag:B86HqNBPFehEWW/kbWUN4g==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2024-02-04T23:40:55Z"
+ mac: ENC[AES256_GCM,data:GTIJ4Ttl9KM+1m/8Mr3wQb9UzTY0vZzRyCxpqRiu0nUoRUpLh1PlRgqnjGfGWnTwbnV2iCk5RypLRrbpRipWUI/eMfTdelhVw2FwutTVwwAL+12o/rHQ4HCNztpTu6NML7vn4PZ0Sa3gOfbVTdRn2eaZecPhHJjtVUea2q0edq0=,iv:pvLpJxgaPuVtuseWA7jzTuVveGJhNHZ6Doc5EXMM9Eo=,tag:YwkvT5Wbq+zJGLNhrck+Hg==,type:str]
+ pgp:
+ - created_at: "2022-03-22T22:26:35Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ wcFMA7kpg2bgzVHcARAApcdDAfEgx93xGtkm4f7xTuRhvUyl8lw85rIHbWcAveYU
+ ayU88OLaoQyeZDZkOXbtxMHpry8GbId6vPAJ7KflT2eMP0A4uQGSSCQO6+5QcaYg
+ sbO/zT4vdprN7icLbvmmoK2Dh+hOo5Z7/7YGmdJfaaATzT2BGL/cVS1bonI83vXR
+ lzlW/DglIe7oNEKGVT5vWR5uGvq/dJwSRe/34eutEnJuV30imxHOcpxy3uXJFFXJ
+ 3eKTk8dNLz3UE3IeUjbFdPFZYU+grOAOOCZRK0IOYFn+SF7E3dewgiwEdaXzz3gK
+ /6aEMEmf5vyVqn9jOaqZhKRqE7tW5HnhwIIlxcMPhkLVZvYf4F2EDA5f12C2hdp0
+ s7fFhU7v5GgFaHMJuaWVPxDnWTrNIst9bgeJv/N4RVfrLifrZJcqa9lE8ou0iCr5
+ dLi9d6UjsgWAREIViz+Uz7dJQ9QeJ6PGYgg/xgf0ihJFG7sx+TBG58DKb3G3tyUV
+ 8hfK8Ou9m+zYnd13mJ2mV3rY0rmXusT+NcqTG2G4bBG5NimGpJS3rO7tAjjp/8sN
+ hMM46ay0vVTUXx1FwmjUFDG1e4sc7fKxTaCBizMjeUfZpAOiy/10YQmrFHBsftpo
+ K5j0nFMoG9NeO+2ffEmLhRtxvMe3WpINk7du3F624rYIGCB0aNUP69FCeJKuUQHS
+ 5gH5AwnxOAtQakDksfLxJhUG1NlaS0iAFkZkTTibvOJwsY9L/scDDQlseb5zBKaZ
+ sOPwmn6hL4KavxF9BPG33ILkZKbkcvlaTlAMMY3iBs+MZeIB4+i/AA==
+ =SQqg
+ -----END PGP MESSAGE-----
+ fp: 286791FB6648539775DB31B8FCB98C2A3EC6F601
+ - created_at: "2022-03-22T22:26:35Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hQIMA4oYbIHZIrAPAQ//fGGoDT5KfsG/o6r5xhDHSc0IFH6zT2TFIB6TuA5SwHfV
+ 8t3IeKD0bE//4f8AxGAVocw+AetolwrQL/Tl+n0UV9P44Jeh5VlCAGltHcowR53o
+ zdjS3+i9K3OOvQFhF+aYrPcnc+aTn9KbptHCam0w+Lr2UkYSAPAZHsBcoMp24mHX
+ 6A+5kP1kaRzFzEn4TCNeTt13W1AsJIoSagkBWfYRBkRPk1OzGOuYqX6yeqj7a0kM
+ 8uiloTQgWOiBSOyRtxUJi87CTrMXyb0F2E9HMyhgRnzF0YX0ZU0UVG8MNdRL8eFD
+ WYY68OK7DQw3zlJubscYQ2jltxKcq5g9qUCw/sXaNurtohIx9UeaHtfp036EMb22
+ 5StgGEnBirUzfSrQGT3kuj20lcMtQAr/d1UsmQNjB36eOZSrx0m80pO8JVYL62/O
+ HLYnAHU52aAPtE7brNEVg4yRLCbWyVY3Z3H9OaTVXwNIMFoMEgkHHnNlsb+1ZnhV
+ cStKMO3H6W8eXQi3VGIVNhuC1ltsxHQL1I22Kr41JEnuaB9Jy5bsEbrO4XGyDdte
+ hMI8Gx+0KZAMlKuZKLS6sMa4oVnQTy8w20PtVrrS0zDrQRPpxBrOgzjrNeMj9FpS
+ q/efiCAOBc8eVd8N/7j66UItwrysfmIfsHWfoPotS7F6WmUHeAyoWjfcvTZyd4bU
+ ZgEJAhAtdCnHNvUSl5O9XZuSu51pRwj+O72kZXRSJWv7GTT9dsRfuM5Dy9A/tuVI
+ BuZraI4JyAWb2KbkM6onp3Rh9IcLuzqEYm/ETktxTtO1HlcVPJ2NMcFgTCzaIGX9
+ +rtkG7tPbA==
+ =tvBa
+ -----END PGP MESSAGE-----
+ fp: B137EE1549DFAF960DD1E2B15147025FB9F09E07
+ encrypted_regex: ^(data|stringData|email|dnsZones?|dnsNames?|hosts?|tang|externalURL|.*-secret|.*-url|.*Secrets?|.*-domain|password|subjects|node|apiURL|.*(S|s)erverNames?|.*SecretKey)$
+ version: 3.7.3
diff --git a/apps/k8s01/miniflux/slo.yaml b/apps/k8s01/miniflux/slo.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ea03571b1ea53bee0c294f0f15c9eebd167c528f
--- /dev/null
+++ b/apps/k8s01/miniflux/slo.yaml
@@ -0,0 +1,40 @@
+apiVersion: sloth.slok.dev/v1
+kind: PrometheusServiceLevel
+metadata:
+ name: requests-miniflux
+spec:
+ service: "miniflux"
+ slos:
+ - name: "requests-availability"
+ objective: 98
+ description: "Miniflux: SLO based on availability for HTTP request responses."
+ sli:
+ events:
+ errorQuery: sum(rate(nginx_ingress_controller_requests{exported_namespace="miniflux",ingress="miniflux",status=~"(5..|429)"}[{{.window}}])) OR vector(0)
+ totalQuery: sum(rate(nginx_ingress_controller_requests{exported_namespace="miniflux",ingress="miniflux"}[{{.window}}])) > 0 OR vector(1)
+ alerting:
+ name: MinifluxHighErrorRate
+ labels:
+ category: "availability"
+ annotations:
+ summary: "High error rate on 'blog' requests responses"
+ - name: "requests-latency"
+ objective: 95
+ description: "Miniflux: SLO based on latency for HTTP request responses. Warns if requests take longer than 250ms. When responses are slower than 200ms they become noticable slow."
+ labels:
+ category: latency
+ sli:
+ events:
+ errorQuery: |
+ (
+ sum(rate(nginx_ingress_controller_request_duration_seconds_count{exported_namespace="miniflux",ingress="miniflux",method!="WATCH"}[{{.window}}]))
+ -
+ sum(rate(nginx_ingress_controller_request_duration_seconds_bucket{exported_namespace="miniflux",ingress="miniflux",le="0.25",verb!="WATCH"}[{{.window}}]))
+ )
+ totalQuery: sum(rate(nginx_ingress_controller_request_duration_seconds_count{exported_namespace="miniflux",ingress="miniflux",method!="WATCH"}[{{.window}}])) > 0 OR vector(1)
+ alerting:
+ name: MinifluxLatencyAlert
+ labels:
+ category: "latency"
+ annotations:
+ summary: "Slow responses on 'miniflux' requests responses. More than 1% take more than 250ms."